Computer Support Forum

internet crime complaint center virus + safe mode

Question: internet crime complaint center virus + safe mode

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 10-02-2013 16:05:37
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: []  [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [707416 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296096 2012-10-14] (RealNetworks, Inc.)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKU\User\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6595928 2012-05-25] (Yahoo! Inc.)
HKU\User\...\Run: [Facebook Update] "C:\Users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-08-29] (Facebook Inc.)
HKU\User\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [x]
HKU\User\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\User\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-04-13] (Google Inc.)
HKU\User\...\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun [6859264 2012-12-26] (FreeDownloadManager.ORG)
HKU\User\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)
HKU\User\...\Run: [ieodjrzotp] C:\ProgramData\phxzbypky [x]
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\phxzbypky [x ] ()
 
==================== Services (Whitelisted) ===================
 
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [135032 2010-04-29] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe /s [103792 2010-01-28] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll" /prefetch:1 [132984 2009-08-29] (Symantec Corporation)
 
==================== Drivers (Whitelisted) =====================
 
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20120919.001\BHDrvx64.sys [1385120 2012-08-31] (Symantec Corporation)
1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-27] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-27] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20120921.001\IDSvia64.sys [513184 2012-08-31] (Symantec Corporation)
3 O2SDGRDR; C:\Windows\System32\DRIVERS\o2sdgx64.sys [49568 2009-08-18] (O2Micro )
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2012-08-27] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120922.008\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20120922.008\EX64.SYS [x]
 
==================== NetSvcs (Whitelisted) ====================
 
 
==================== One Month Created Files and Folders ========
 
2013-02-10 16:05 - 2013-02-10 16:05 - 00000000 ____D C:\FRST
2013-02-10 10:18 - 2013-02-10 10:18 - 00000000 ____D C:\Users\User\AppData\Local\{554DD57D-1FD3-4351-95B4-824C8B67DC96}
2013-01-19 04:44 - 2013-02-10 11:10 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
2013-01-19 02:08 - 2013-01-19 02:08 - 00000000 ____D C:\Users\User\AppData\Local\{3470E7E9-8BCF-4237-BAE3-50BB6B225ED4}
2013-01-18 12:41 - 2013-01-18 12:41 - 00000000 ____D C:\Users\User\AppData\Local\{7891DF58-8B88-4631-A622-5268F6F66F7F}
2013-01-17 15:11 - 2013-01-17 15:11 - 00000000 ____D C:\Users\User\AppData\Local\{B605155D-F2C1-4EEF-8DB1-25D1944BCF7A}
2013-01-16 20:09 - 2013-01-18 04:28 - 00017336 ____A C:\Users\User\Documents\OLIVA Y JV 2012.xlsx
2013-01-16 09:04 - 2013-01-16 09:06 - 00012157 ____A C:\Users\User\Documents\VENTA PREMIER STORE DICIEMBRE 12-31-12.xlsx
2013-01-16 08:58 - 2013-01-16 08:58 - 00109519 ____A C:\Users\User\Documents\BUENO DOCUMENTO PERDIDAS Y GANANCIAS DE TODAS LAS TIENDAS DICIEMBRE, 2012.xlsx
2013-01-16 07:09 - 2013-01-16 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{DEC6C981-5CD4-4739-9C28-56A451367B71}
2013-01-15 15:03 - 2013-01-15 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{1AC17FB3-C424-4E87-BC0D-4E5031788601}
2013-01-15 03:03 - 2013-01-15 03:03 - 00000000 ____D C:\Users\User\AppData\Local\{C54BB222-6559-436F-8777-943FFAE973B2}
2013-01-14 14:11 - 2013-01-14 14:11 - 00000000 ____D C:\Users\All Users\Free Download Manager
2013-01-14 03:28 - 2013-01-14 03:28 - 00000000 ____D C:\Users\User\AppData\Local\{C88FE482-752B-4183-8805-53E32287DE50}
2013-01-13 15:12 - 2013-01-13 15:12 - 00000000 ____D C:\Users\User\AppData\Local\{E915810F-63D4-4194-94F1-1BCFC24A6262}
2013-01-12 14:32 - 2013-01-13 03:12 - 00000000 ____D C:\Users\User\AppData\Local\{D04502F0-1654-409F-B3F2-F1A291BF3CC1}
2013-01-11 03:13 - 2013-01-11 03:13 - 00000000 ____D C:\Users\User\AppData\Local\{F0E3DCB4-D75B-4E49-8796-99ADFD173992}
 
==================== One Month Modified Files and Folders =======
 
2013-02-10 13:00 - 2012-08-07 11:37 - 01651585 ____A C:\Windows\WindowsUpdate.log
2013-02-10 12:40 - 2012-08-27 14:21 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-10 12:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:21 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-10 12:20 - 2012-08-25 18:55 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-10 12:19 - 2012-09-14 19:19 - 00000336 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2013-02-10 12:18 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-10 12:14 - 2012-09-03 06:18 - 00000000 ____D C:\Users\User\Tracing
2013-02-10 12:13 - 2013-01-19 04:41 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-02-10 12:13 - 2013-01-19 04:41 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
2013-02-10 12:13 - 2012-08-25 18:55 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-10 12:13 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-10 12:13 - 2009-07-13 20:51 - 00033809 ____A C:\Windows\setupact.log
2013-02-10 11:47 - 2012-08-29 13:42 - 00000924 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3263359443-3437761228-2663719722-1000UA.job
2013-02-10 11:10 - 2013-01-19 04:44 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-02-10 11:05 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-02-10 10:50 - 2012-08-14 12:17 - 00000000 ____D C:\Users\User\AppData\Local\Tific
2013-02-10 10:18 - 2013-02-10 10:18 - 00000000 ____D C:\Users\User\AppData\Local\{554DD57D-1FD3-4351-95B4-824C8B67DC96}
2013-01-20 09:30 - 2012-11-03 13:47 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2013-01-20 09:26 - 2009-07-13 20:45 - 00018432 _____ C:\Windows\System32\umstartup.etl
2013-01-20 09:02 - 2012-09-03 05:53 - 00000000 ____D C:\Users\User\AppData\Local\WeatherBug
2013-01-20 08:35 - 2013-01-03 21:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Free Download Manager
2013-01-20 07:14 - 2012-08-07 11:40 - 00000000 ____D C:\Users\All Users\Microsoft Help
2013-01-20 05:00 - 2012-09-03 05:50 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2013-01-20 04:52 - 2012-08-29 13:42 - 00000902 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3263359443-3437761228-2663719722-1000Core.job
2013-01-19 02:08 - 2013-01-19 02:08 - 00000000 ____D C:\Users\User\AppData\Local\{3470E7E9-8BCF-4237-BAE3-50BB6B225ED4}
2013-01-18 12:41 - 2013-01-18 12:41 - 00000000 ____D C:\Users\User\AppData\Local\{7891DF58-8B88-4631-A622-5268F6F66F7F}
2013-01-18 04:28 - 2013-01-16 20:09 - 00017336 ____A C:\Users\User\Documents\OLIVA Y JV 2012.xlsx
2013-01-17 15:11 - 2013-01-17 15:11 - 00000000 ____D C:\Users\User\AppData\Local\{B605155D-F2C1-4EEF-8DB1-25D1944BCF7A}
2013-01-16 09:06 - 2013-01-16 09:04 - 00012157 ____A C:\Users\User\Documents\VENTA PREMIER STORE DICIEMBRE 12-31-12.xlsx
2013-01-16 08:58 - 2013-01-16 08:58 - 00109519 ____A C:\Users\User\Documents\BUENO DOCUMENTO PERDIDAS Y GANANCIAS DE TODAS LAS TIENDAS DICIEMBRE, 2012.xlsx
2013-01-16 08:45 - 2010-04-13 20:44 - 00057072 ____A C:\Windows\PFRO.log
2013-01-16 07:09 - 2013-01-16 07:09 - 00000000 ____D C:\Users\User\AppData\Local\{DEC6C981-5CD4-4739-9C28-56A451367B71}
2013-01-15 20:10 - 2012-08-14 13:19 - 00000000 ____D C:\Users\User\AppData\Local\Google
2013-01-15 15:03 - 2013-01-15 15:03 - 00000000 ____D C:\Users\User\AppData\Local\{1AC17FB3-C424-4E87-BC0D-4E5031788601}
2013-01-15 03:03 - 2013-01-15 03:03 - 00000000 ____D C:\Users\User\AppData\Local\{C54BB222-6559-436F-8777-943FFAE973B2}
2013-01-14 14:11 - 2013-01-14 14:11 - 00000000 ____D C:\Users\All Users\Free Download Manager
2013-01-14 03:29 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2013-01-14 03:28 - 2013-01-14 03:28 - 00000000 ____D C:\Users\User\AppData\Local\{C88FE482-752B-4183-8805-53E32287DE50}
2013-01-13 19:22 - 2012-10-14 15:20 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-01-13 15:12 - 2013-01-13 15:12 - 00000000 ____D C:\Users\User\AppData\Local\{E915810F-63D4-4194-94F1-1BCFC24A6262}
2013-01-13 03:34 - 2012-11-03 13:47 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2013-01-13 03:34 - 2012-11-03 13:47 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-01-13 03:34 - 2012-11-03 13:46 - 00000000 ____D C:\Users\All Users\Skype
2013-01-13 03:12 - 2013-01-12 14:32 - 00000000 ____D C:\Users\User\AppData\Local\{D04502F0-1654-409F-B3F2-F1A291BF3CC1}
2013-01-11 03:43 - 2009-07-13 20:45 - 00426888 ____A C:\Windows\System32\FNTCACHE.DAT
2013-01-11 03:16 - 2012-08-27 14:22 - 67599240 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-01-11 03:13 - 2013-01-11 03:13 - 00000000 ____D C:\Users\User\AppData\Local\{F0E3DCB4-D75B-4E49-8796-99ADFD173992}
 
 
==================== Known DLLs (Whitelisted) =================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2013-01-03 21:28:37
Restore point made on: 2013-01-06 16:27:37
Restore point made on: 2013-01-06 16:34:42
Restore point made on: 2013-01-10 14:38:28
Restore point made on: 2013-01-11 03:13:04
Restore point made on: 2013-01-14 03:27:58
Restore point made on: 2013-01-18 12:45:38
Restore point made on: 2013-02-10 11:04:02
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 3892.47 MB
Available physical RAM: 3334.16 MB
Total Pagefile: 3890.62 MB
Available Pagefile: 3314.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Partitions =============================
 
1 Drive c: (TI105861W0E) (Fixed) (Total:453.8 GB) (Free:403.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:7.45 GB) (Free:5.69 GB) NTFS
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B         
  Disk 1    Online         7633 MB      0 B         
 
Partitions of Disk 0:
===============
 
Disk ID: C95F814A
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            453 GB  1501 MB
  Partition 3    Primary             10 GB   455 GB
 
==================================================================================
 
Disk: 0
Partition 1
Type  : 27
Hidden: Yes
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   System       NTFS   Partition   1500 MB  Healthy    Hidden  
 
=========================================================
 
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   TI105861W0E  NTFS   Partition    453 GB  Healthy            
 
=========================================================
 
Disk: 0
Partition 3
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: No
 
There is no volume associated with this partition.
 
=========================================================
 
Partitions of Disk 1:
===============
 
Disk ID: 00000000
 
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7633 MB    16 KB
 
==================================================================================
 
Disk: 1
Partition 1
Type  : 07
Hidden: No
Active: Yes
 
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F                NTFS   Removable   7633 MB  Healthy            
 
=========================================================
 
Last Boot: 2013-02-10 10:57
 
==================== End Of Log =============================
 

Farbar Recovery Scan Tool (x64) Version: 06-02-2013
Ran by SYSTEM at 2013-02-10 16:19:04
Running from F:\
 
================== Search: "services.exe" ===================
 
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
 
====== End Of Search ======

Relevance 100%
Preferred Solution: internet crime complaint center virus + safe mode

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: internet crime complaint center virus + safe mode

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt
HKU\User\...\Run: [ieodjrzotp] C:\ProgramData\phxzbypky [x]
HKU\User\...\Policies\system: [DisableTaskMgr] 1
HKLM\...\Winlogon: [Shell] explorer.exe, C:\Users\User\AppData\Roaming\phxzbypky [x ] ()
2013-01-19 04:44 - 2013-02-10 11:10 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Roaming\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\User\AppData\Local\phxzbypky.exe
2013-01-19 04:41 - 2013-02-10 12:13 - 00114176 ____A (Bipiho) C:\Users\All Users\phxzbypky.exe
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options.Run FRST again like we did before but this time press the Fix button just once and wait.The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.Also boot the computer into normal mode and let me know how things are looking.Gringo

6 more replies
Relevance 118.9%

http://www.bleepingcomputer.com/forums/topic481664.html

I've got the exact same problem as this guy. Log into safe mode and the internet crime complaint center virus pops up.

Based off of the way that thread has started I copied it but realize that the steps might be different. Will gladly make a donation to whomever can fix my problem. Thank you!

I've also already turned on email notifications.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-01-2013
Ran by SYSTEM at 14-01-2013 17:24:21
Running from F:\
Windows 7 Professional (X86) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [HPYpbHtCoK.exe] C:\ProgramData\HPYpbHtCoK.exe [x]
HKLM\...\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [x]
HKLM\...\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" /n [106496 2007-08-01] (SHARP CORPORATION)
HKLM\...\Run: [SharpTray] "C:... Read more

Answer:Internet Crime Complaint Center Virus in safe mode as well

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

21 more replies
Relevance 118.9%

Mod Edit: Split from http://www.bleepingcomputer.com/forums/t/484042 ~Budapest
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-02-2013
Ran by SYSTEM at 10-02-2013 16:05:37
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: []  [x]
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [910136 2009-11-10] (TOSHIBA Corporation)
HKLM\...\Run: [HDMICtrlMan] %ProgramFiles%\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [1032536 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles... Read more

Answer:Internet crime complaint center virus + safe mode

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the Watch Topic Button, select Immediate N... Read more

3 more replies
Relevance 118.9%

I followed all the instructions of the following link below and it ask for my log information which is also below continued help would be extremely appreciated. Thanks

Internet Crime Complaint Center virus comes up even in safe mode
http://www.bleepingcomputer.com/forums/topic482741.html
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 27-01-2013 22:00:51
Running from G:\
(X64) OS Language: English(US)
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ===================

Attention: Software hive is missing.

ATTENTION: Unable to load Software hive.
==================== Services (Whitelisted) ===================
==================== Drivers (Whitelisted) =====================
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========

2013-01-27 21:57 - 2013-01-27 21:57 - 00000000 ___AD \Windows\debug
==================== One Month Modified Files and Folders =======

2013-01-27 21:57 - 2013-01-27 21:57 - 00000000 ___AD \Windows\debug
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== A... Read more

Answer:Internet Crime Complaint Center virus comes up even in safe mode

No help?

2 more replies
Relevance 118.9%

Hello,

My laptop has the Internet Crime Complaint Center virus, and it comes up even in safe mode. I saw another post about this, but the thread ended due to no response from the thread initiator. I am unable to even get the task manager to open. I am writing this using my Wife's Samsung chrome book.

Please advise what I should do....

Thanks so much!

Answer:Internet Crime Complaint Center virus comes up even in safe mode

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

45 more replies
Relevance 118.9%

I followed all the instructions of the following link below and it ask for my log information which is also below continued help would be extremely appreciated. Thanks

Internet Crime Complaint Center virus comes up even in safe mode
http://www.bleepingcomputer.com/forums/topic482741.html
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-01-2013 02 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 27-01-2013 22:00:51
Running from G:\
(X64) OS Language: English(US)
Attention: Could not load system hive.
Attention: System hive is missing.

==================== Registry (Whitelisted) ===================

Attention: Software hive is missing.

ATTENTION: Unable to load Software hive.
==================== Services (Whitelisted) ===================
==================== Drivers (Whitelisted) =====================
==================== NetSvcs (Whitelisted) ====================
==================== One Month Created Files and Folders ========

2013-01-27 21:57 - 2013-01-27 21:57 - 00000000 ___AD \Windows\debug
==================== One Month Modified Files and Folders =======

2013-01-27 21:57 - 2013-01-27 21:57 - 00000000 ___AD \Windows\debug
==================== Known DLLs (Whitelisted) =================
==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <===... Read more

Answer:Internet Crime Complaint Center virus comes up even in safe mode

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. I notice that you appear to be missing multiple system files, and in addition, the Software Hive in the Registry. Do you have a Windows installation or recovery disc on hand?

3 more replies
Relevance 118.9%

http://www.bleepingcomputer.com/forums/topic481664.html

I am having the same issues as this person was having with their computer.

The internet crime complaint center screen immediately shows up when booting to normal mode or safe mode with/without networking.

Here is my FRST.txt results and the search.txt results are below that. Thanks in advance for all of your hard work:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-02-2013 02
Ran by SYSTEM at 02-02-2013 09:25:51
Running from F:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [VMware Tools] "C:\Program Files\VMware\VMware Tools\VMwareTray.exe" [186992 2011-09-23] (VMware, Inc.)
HKLM\...\Run: [VMware User Process] "C:\Program Files\VMware\VMware Tools\VMwareUser.exe" [1104496 2011-09-23] (VMware, Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Owner\...\Run: [Otzaroys] C:\Users\Owner\AppData\Roaming\Nubiuv\riok.exe [277496... Read more

Answer:internet crime complaint center virus + safe mode

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

18 more replies
Relevance 118.9%

Hello. My PC with Vista Ultimate is infected with the IC3 ransomware. I initially opened in Safe Mode (with Networking) and ran Malwarebytes scan, which identified some items; removed, re-booted and the virus screen reappeared. Tried again in Safe Mode and ran Full scan; more items, after removal and re-boot, same screen. Tried Safe Mode a third time and tried to open Emisoft IExplore; after a few screen flickers, the IC3 screen block appeared again, in Safe Mode. Now everytime i try to open Safe Mode with Networking the IC3 screen block appears. Any advice at all will be greatly appreciated. Thanks!!

Answer:internet crime complaint center virus in safe mode

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

48 more replies
Relevance 117.45%

 I have the same  virus as this one:
http://www.bleepingcomputer.com/forums/t/481664/internet-crime-complaint-center-virus-in-safe-mode/
 
Thank you very much for your help!!!
 
here are my log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-03-2013 01
Ran by SYSTEM at 12-03-2013 23:03:39
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US)
The current controlset is ControlSet001
==================== Registry (Whitelisted) ===================
HKLM\...\Run: []  [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482080 2009-08-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [596... Read more

Answer:internet crime complaint center virus in safe mode on my laptop

Hello daniel_hb Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at ... Read more

6 more replies
Relevance 117.45%

The internet crime complaint center virus is in my safe mode. I start my computer, tap F8 and select " Safe Mode With Networking ". After hitting " Enter " I press " Ctrl - Alt - Delete. The Box appears but Task manager is not selectable and the "internet crime complaint center" full screen appears and I can go no further in safe mode. Please help.

Answer:'removing internet crime complaint center virus from safe mode'

Hello obxbound , Welcome to Bleeping Computer.
My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
I will be analyzing your log. I will get back to you with instructions.Do you have a USB Flash Drive you can use?Can you tell me what windows version you are using? Xp, Vista, 7 or 8?IS it 32Bit or 64Bit?

3 more replies
Relevance 92.22%

Got this on my Windows 7 Ultimate machine. Cannot boot in any of the safe modes or any regular modes. I know how to rove this if I could get beyond the warning screen. Please help.

Answer:Internet Crime Complaint Center Virus

Ok I got in safe mode via command prompt from my windows 7 boot disk. Glad I had that.

1 more replies
Relevance 92.22%

My computer is locked down by a screen claiming to be the Internet Crime Complaint Center. It says to remove the screen I have to pay a fine. In normal mode I can't do anything including opening task manager. I am using windows 7. I am able to start in Safe Mode and I also have the Repair Your Computer option. I am finding conflicting information on what to do after either of these options so I need someone to please help me to remove this virus. Thanks.

Answer:Internet Crime Complaint Center virus

Boot into safemode with networkingDownloadTDSSkillerLaunch it.Click on change parameters-Select TDLFS file systemClick on "Scan".Please post the LOG report(log file should be in your C drive) Do not change the default options on scan resultsDownloadaswMBRLaunch it, allow it to download latest Avast! virus definitionsClick the "Scan" button to start scan.After scan finishes,click on Save logPost the log results here.If you get crashes in normal mode,run it in safemode with networkingDownloadESET online scannerInstall itClick on START,it should download the virus definitionsWhen scan gets completed,click on LIST of found threatsExport the list to desktop,copy the contents of the text file in your reply

5 more replies
Relevance 92.22%

Hello, I have got the Internet Crime Complaint Center virus, and I don't know how to remove it, I tried to do everything that says in removal guide, but non of safe modes works..If somebody knows how can I do it please help me
Thank You!

Answer:Internet Crime Complaint Center virus

Hi Alice, there is a different section of the forum which handles virus removal. Read through this page NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum then create a new thread here and someone will help you out.

1 more replies
Relevance 92.22%

Hey guys, im having  the same trouble with my friend pc.
Already run the FRST and get this log
 
Here is the only place i found some useful help. Thank you!
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013
Ran by SYSTEM at 15-03-2013 10:54:22
Running from I:\
Microsoft Windows XP  Service Pack 1 (X86) OS Language: Portuguese Standard 
The current controlset is ControlSet001
 
==================== Registry (Whitelisted) ===================
 
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Run: [ROC_roc_dec12] "C:\Arquivos de programas\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM\...\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Arquivos de programas\iTunes\iTunesHelper.exe" [152544 2012-12-12] (Apple Inc.)
HKLM\...\Run: [BCSSync] "C:\Arquivos de programas\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS6ServiceManager] "C:\Arquivos de progr... Read more

Answer:internet crime complaint center virus

Hello jhonn Welcome to The Forums!!Around here they call me Gringo and I'll be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your ... Read more

11 more replies
Relevance 92.22%

Got Internet Crime Complaint Center Virus went to safemode with networking . ran malyware and spybot . rebooted Internet Crime Complaint Center Virus still on screen . Know I can't start in safe mode . all available answers say to start in safemode which I can no longer do . Help

Answer:Internet Crime Complaint Center Virus

Reference: http://www.bleepingcomputer.com/virus-removal/remove-fbi-anti-piracy-warning-ransomware

Louis

9 more replies
Relevance 91.06%

Same problem as in this thread: http://www.bleepingcomputer.com/forums/topic481664.html
Couldn't start in any of the safe modes without the virus locking up the computer, so I went to "repair" option at startup and launched command prompt.

The following is my log from FRST. Thanks!
[FRST.txt]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2013
Ran by SYSTEM at 16-01-2013 10:34:49
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [776608 2009-12-18] (Lenovo)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup [16414312 2009-12-11] (NVIDIA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [6988736 2009-12-16] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [167008 2009-... Read more

Answer:Internet Crime Complaint Center Virus Win7

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

18 more replies
Relevance 82.65%

I am running windows xp professional. This virus has taken over. The picture pops up in safe mode, safe mode with command prompt, and safe mode with networking. It won't let me do anything but make a payment. PLEASE HELP!!!!

Answer:Internet crime complaint center

Welcome aboard I'll report this topic to appropriate helpers.Hold on....

2 more replies
Relevance 82.65%

Help!
My PC picked this up last night and I've tried many of the internet suggested fixes. There isn't any file named ctfmon.lnk to be found anywhere. However I did find pj_bsfjeb that I cannot delete because it says "the action cannot be completed because the file is open Quad Database Monitor." It also will not always start in safe mode. Sometimes I just have to press F8 all during startup and I get a black background screen with large icons (like safe mode) but it doesn't say safe mode in the corners. I also installed Malwarebytes and it did it's rkill thing but the virus is still here. I don't have any backup set up either. How can I get rid of it?
Thanks,
John

Answer:Internet Crime Complaint Center Win 7

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

3 more replies
Relevance 82.65%

I am infected with the "internet crime complaint center" ransomware I guess. I have a Windows XP SP3 PC that is unable to even reboot to safe mode without having the infection show that nasty screen. Normally this PC runs Avira free Antivirus. I have Malwarebytes too and this PC's internt runs through a Cisco router.

I was going to try the: Remove the FBI MoneyPak Ransomware or the Reveton Trojan By Lawrence Abrams and I have searched the forums for help but I am unable to see how to get past the "FBI" screen to begin to try anything.

Help would be appreciated. Thanks in advance.

Answer:internet crime complaint center

Try this please. You will need a USB drive.Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computerInsert your USB drivePress Start > My Computer > right click your USB drive > choose Format > Quick formatDouble click the unetbootin-xpud-windows-387.exe that you just downloadedPress Run[/b then OKSelect the DiskImage option then click the browse button located on the right side of the textbox field.Browse to and select the xpud-0.9.2.iso file you downloadedVerify the correct drive letter is selected for your USB device then click OKIt will install a little bootable OS on your USB deviceOnce the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interfaceAfter it has completed do not choose to reboot the clean computer simply close the installerNext download http://noahdfear.net/downloads/driver.sh to your USBRemove the USB and insert it in the sick computerBoot the Sick computerPress F12 and choose to boot from the USBFollow the promptsA Welcome to xPUD screen will appearPress FileExpand mntsda1,2...usually corresponds to your HDDsdb1 is likely your USBClick on the folder that represents your USB drive (sdb1 ?)Confirm that you see driver.sh that you downloaded therePress Tool at the topChoose Open TerminalType bash driver.shPress EnterAfter it has finished a report will ... Read more

25 more replies
Relevance 81.2%

I am dealing with a computer, running Windows XP Pro SP3, infected with Internet Crime Complaint Center

I enter safe mode with networking, but the virus shows up there as well. If I try Ctrl-Alt-Del to access task manger the screen goes black and shows the logo for Windows XP Pro only.

I have tried Kaspersky boot disk, no such luck.

Any suggestions?

Answer:Internet Crime Compaint Center - cannot run task manager in safe mode

I'll report this topic to appropriate helpers.
Hold on.

2 more replies
Relevance 80.91%

Never saw this one before. Very clever scam -- to activate your webcam so you see yourself onscreen. I actually laughed out loud when I saw it.

Anyway, I think I found a good procedure through a general Google search to off this thing, but I had a couple quick questions. BTW, this in on an older HP notebook running on Vista.

1) Does Bleeper Computer have a foolproof procedure posted to remove this? If so, could someone send it to me. You guys always have the best fixes.

2) Usually when I get something like this, I immediately go to SAFE MODE, download the latest definitions for MalwareBytes and run a full scan, which takes care of it. This time, TWICE, it shut down the MB scan early on, so I assume I need to stop some processes first, right?

Anyway, thank you in advance for your help.

Best,
EducatedGuess

Answer:Internet Crime Complaint Center Spyware Removal

More information: I found the "fix" listed for this on BC. I followed all the instructions, and also downloaded and successfully ran Rkill.

Now the problem is the computer will not stay running. As I'm going into SAFE MODE, the computer keeps shutting down during boot up. I cannot even get to MalwareBytes to run it in SAFE MODE.

Am I toast?

Thank You,
EducatedGuess

2 more replies
Relevance 75.98%

Got this on my Windows 7 Ultimate machine. I cannot boot via regular mode or any of the safe modes. What other options are out there besides wiping the system?
 

Answer:Internet Crime Complaint Virus Help

Ok I got in safe mode via command prompt from my windows 7 boot disk. Glad I had that.
 

1 more replies
Relevance 75.98%

I recently had the fun interaction of receiving this internet crime complaint center virus.I tried the first of removal steps:Restarting my computer with no internet connection.. Nothing.Restarting my computer in safe mode with networking.. Nothing.Restarting my computer in safe mode with command prompt.. I almost got something here. The command prompt started to come up, only for the virus screen to reappear.I couldn't get anywhere to actually remove anything.I really have no idea what to try from this point considering I can't get to my desktop at all. [Does logging into a different user matter at all?]I am running Windows XP.I don't have everything on my computer backed up so a complete reinstall is a total last resort for me/ [Also I heard from multiple sources that this did no good].Please help! I would love my computer back.

Answer:Internet Crime Complaint Virus

I'll report this topic to appropriate helpers.
Hold on...

34 more replies
Relevance 106.19%

Need help with this one

WinXP SP3 box, hit an infected website. Was able to reboot to safe mode, clean with TFC, run Malwarebytes and Eset Online scanner. Seems clean but infection resurfaces sometime during night, probably on scheduled Restart.

Thanks in advance

George

Answer:Internet Crime Complaint Virus Remove help

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

35 more replies
Relevance 93.48%

Hi there I picked up this virus and now the desktop looks like the attached.

I cant start the machine in safe mode in any of the variants.

Im on windows 7, can you help please?

Much appreciated.
 

Answer:Police Crime Virus - cant acess safe mode

16 more replies
Relevance 90.61%

My Vostro 1500 laptop (Windows XP) has been infected with that virus, and I don't know exactly what to do. Most of the tutorial videos on YouTube about getting rid of the virus are for Windows 7 and don't help at all. I have been able to go into safemode, but have found no good instruction on what to do next. The other thing is, I seem to have the splash screen that is a bit different than others I have seen on-line. It reads in part,"Threat of Prosecution Reminder". How do I disable and delete the virus?Thank you so much in advance...*Moderator Edit: Moved topic from XP to the more appropriate forum. ~ Queen-Evie* 

Answer:Internet Crimes Complaint Center Virus (or FBI Moneypak Virus)

I suppose I will just try and follow the guide 'Remove the FBI MoneyPak Ransomware or the Reveton Trojan'. The splash screen for the virus looks a bit different than seen in the guide, which is why I am a bit hesitant, but it will hopefully still work..?

6 more replies
Relevance 79.13%

My friend has a dell e510 media center edition. Apparently she has not been able to access the internet for over 6 months.I first:Checked for proxy's both lan and internet settings control panelrebuilt stack/ winsocket fix.full malwarebytes scan and cleanIn normal mode, I can open a cmd prompt and ping yahoo.com no problem. No browser accessIn safe mode everything works.I've done 2 hijackthis scans, one in normal mode and one in safe both below:Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:58:31 PM, on 10/24/2011Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\netdde.exeC:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exeC:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\GEARSec.exeC:\Program F... Read more

Answer:Media center edition sp3 no internet unless in safe mode

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424833 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

2 more replies
Relevance 79.13%

Hello there,
 
my computer was recently hit with the ICE Crime Center/Money Pack Virus and I have been unable to find any appropriate means to remove it. The virus is such that it will not allow me to access my computer desktop or even enter my computer through any safe mode. It is an old toshiba satelite running on XP.
 
I noticed a recent user (http://www.bleepingcomputer.com/forums/t/526306/ice-cyber-crime-center-virus/?hl=+ice%20+virus) encountered the same issue as myself and I tried following those similar steps but to no avail. Based on that forum, i followed the steps and have xPUD on a disc and driver.sh on a flash drive and have produced the following report and restore logs:
 
Repot:
Wed Mar 19 20:11:55 UTC 2014
Driver report for /mnt/sda1/WINDOWS/system32/drivers
0c0004ced8a90d09e6a59bd389ca6799 CSIIDecoder_kern_i386.sys has NO Company Name!
7147b0575bcc93a6ab7d5c90f47c0b9f tbiosdrv.sys has NO Company Name!
4011a07b10a320e2f227c4572c468184 TSXT_kern_i386.sys has NO Company Name!
c1536905ad2067812a238bce998f4bff  1394bus.sys
Microsoft Corporation
9859c0f6936e723e4892d7141b1327d5  acpiec.sys
Microsoft Corporation
8fd99680a539792a30e97944fdaecf17  acpi.sys
Microsoft Corporation
8bed39e3c35d6a489438b8141717a557  aec.sys
Microsoft Corporation
12dafd934641dcf61e446313bc261ec2  AegisP.sys
Meetinghouse Data Communications
1e44bc1e83d8fd2305f8d452db109cf9  afd.sys
Microsoft Corporation
08fd04aa961bdc77fb983f328334e3d7&... Read more

Answer:ICE Crime Center Virus

Hi there,my name is Marius and I will assist you with your malware related problems.Before we move on, please read the following points carefully.First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.  Kaspersky Windows UnlockerDownload Kaspersky Rescue Disk (iso)Burn it to a cd or dvd, if you need a program to burn an ISO...use [email protected] ISO BurnerConfigure your computer to boot from CD/DVDNote : If you do not know how to set your computer to boot from CD/DVD follow the steps hereOnce you ha... Read more

17 more replies
Relevance 77.9%

I have a serious threat! On Friday even ing my computer was completely blocked and a webpage called The Ice Cyber Crime Centre took command of my machine. I cannot get into it and I need your help please. I have managed through Safe Mode to get it working on an earlier date but I need your urgent help to get rid of this virus. What I don't understand is that I have the paid version of AVG installed, so how did this one slip through.When was the last time you did something for the first time?

Answer:Need help getting rid of ICE Cyber Crime Center virus

No antivirus product can catch absolutely every item of malware or virus, and no such product claims to do so. You need multi-layered protection by using a strong third-party firewall and an antispyware product working alongside your antivirus. AV on it's own is not enough, though you do, of course, have to balance that against the available system resources to avoid taking to much of a performance hit.Follow this removal guide: http://www.malwareremovalguides.inf...message edited by phil22

3 more replies
Relevance 77.9%

Hello, I have received the hated ICE Cyber Crime Center virus.  I downloaded HitPro to a flash drive and attempted to boot the computer, but when I opened the boot menu there was no way for me to toggle down to select the USB drive option (the keyboard was not functioning).  I also tried starting the computer with the USB in the drive, but it says that it cannot boot it because operating system is not present. 
 
My operating system is Windows XP.  Am I doing something wrong with booting from a USB drive, or is there another option for me to eliminate this terrible virus?  Thanks for any help!

Answer:ICE Cyber Crime Center virus

Try this please. You will need a USB drive.Download GETxPUD.exe (http://noahdfear.net/downloads/GETxPUD.exe) to the desktop of your clean computerRun GETxPUD.exe A new folder will appear on the desktop. Open the GETxPUD folder and click on the get&burn.bat The program will download xpud_0.9.2.iso, and upon finished will open BurnCDCC ready to burn the image. Click on Start and follow the prompts to burn the image to a CD. Next download driver.sh (http://noahdfear.net/downloads/driver.sh) to your USB drive Remove the USB & CD and insert it in the sick computer Boot the Sick computer with the CD you just burned The computer must be set to boot from the CD Gently tap F12 and choose to boot from the CD Follow the prompts A Welcome to xPUD screen will appear Press FileExpand mntsda1,2...usually corresponds to your HDD sdb1 is likely your USB Click on the folder that represents your USB drive (sdb1 ?) Confirm that you see driver.sh that you downloaded there Press Tool at the top Choose Open TerminalType bash driver.sh Press Enter After it has finished a report will be located on your USB drive named report.txt Remove the USB drive and insert it back in your working computer and navigate to report.txtPlease note - all text entries are case sensitive Copy and paste the report.txt for my review

34 more replies
Relevance 77.9%

I received an email early this week subject 'do not reply to this email, which contained something about The Internet Fraud Complaint Center, and something has been logged, is this spam?Concerned

Answer:The Internet Fraud Complaint Center

Delete and forget it.G

4 more replies
Relevance 77.9%

Help I am very new to virus removel. I got a Internet crime compliant center 2 days ago. I have a windows xp 32bit. The screen block is also in safe mode now and I need help removing the virus thanks

Answer:Internet crime compliant center!!!

Greetings and Welcome to The Forums!!My name is Gringo and I'll be glad to help you with your malware problems.I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of usPlease do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top o... Read more

8 more replies
Relevance 77.08%

I have an XP SP3 box (Pentium Ci5, 4GB RAM) which is infected with the Police Central e-crime Unit scam. I have read the removal instructions on this page:

http://www.bleepingcomputer.com/virus-removal/remove-police-central-e-crime-unit-reveton-ransomware

Unfortunately the computer will not boot in safe mode or safe mode with networking. If I select either option, the computer just restarts before loading Windows.

I should be very grateful if anyone knows of a fix which can be run from a bootable thumb drive.

Answer:Police Central e-crime Unit scam blocks safe mode

Hello, do you have the possibility to boot from a CD as well or only a flashdrive?

79 more replies
Relevance 77.08%

Hello, I have a computer that was infected with this virus.  I have tried unsuccessfully to run anti-malware and also tried a Kaspersky rescue disk start up as well.  Nothing has worked so far and I cannot even run Windows in safe mode.  I have an HP computer with Windows XP 32-bit.  Please let me know if there's anything more I can do to get rid of this virus.  Thanks.Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum.~ Animal

Answer:ICE Cyber Crime Center - Virus Removal

You don't specify if you have followed this guide so I will add it: ICE Cyber Crime Center Ransomware Removal Guide

11 more replies
Relevance 77.08%

I have the "ICE Cyber Crime Center Ransomware" Virus and read the removal instructions
Booted up the iffected computer as requested with a USB drive, ran the HitmanPro software
and after it ran I noticed it did not find the "ICE" virus, I closed it and rebooted and
the "ICE Cyber Crime Center Ransomware" Virus is there again.
Please help
philip
 
 

Answer:I have the "ICE Cyber Crime Center Ransomware" Virus

Hello philipwk I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"... Read more

3 more replies
Relevance 77.08%

appreciate any advice you may have. Is it possible that this particular variant is new and nobody has created an effective rescue disk for it yet? also my machine is old and that may hinder repairs.
 

Answer:ICE cyber crime center moneypak virus

Update - I may have found a solution. Once again I used the Kaspersky rescue disk, being sure to update it. After the update, I had it do a scan and it found a backdoor trojan that it did not find a few days ago when I did the same scan. After removing that trojan I was able to boot up in safe mode - sort of. There was still malware on boot up but instead of closing off my access to dos as it usually did, there was a small screen on the top left of the computer screen that allowed me to run dos commands. From Dos I could update Malwarebytes and run a perliminary scan. It found 10 viruses - my guess is that they are all associated with the ICE virus. This was just on the short scan. This time when it rebooted it loaded the WINDOWS screen ok, and now I am doing a full scan. I suspect the virus is mostly defeated, but, as with last time, there may be remnants of it that continue to affect the computer, such as the system firewall and perhaps system restore. I was able to work around those issus last time by manually restoring those functions and will hopefully be able to do this again. THE KEY TO THE REPAIR WAS TO WAIT FOR KASPERSKY TO UPDATE ITS MALWARE - I WAITED ABOUT 4 OR 5 DAYS - AND THEN TRY AGAIN USING THE KASPERSKY RESCUE DISK TO GET ACCESS TO THE SYSTEM. THEN, ONCE YOU CAN BOOT TO DOS, FOLLOW UP WITH MALWAREBYTES - ACCESSED VIA DOS. (MALWAREBYTES WAS ALREADY LOADED ON THE INFECTED COMPUTER BUT IT NEEDED THE MOST RECENT UPDATE AND I COULD ONLY ACCESS IT VIA THE SYSTEM DO... Read more

2 more replies
Relevance 77.08%

Hello,

My friend has an HP Pavilion running Windows Vista basic. He has an ICE Cyber Crime Center ransom virus. I cannot do ANYTHING. When I boot in safe mode, the virus pops up there, too. I attempted to load the programs from a USB drive - won't let me do anything. I attached a photo I took of the screen showing hte virus.

Any help, guidance, etc. would be appreciated.

Lisa
 

Answer:ICE Cyber Crime Center Ransom Virus

You should try the below procedure.

The Kaspersky WindowsUnlocker utility to fight ransom malware
 

4 more replies
Relevance 77.08%

Hi,
 
I have got the Internet Crime stuff again.  I am using XP and cannot boot even in safe mode (computer reboots).  I just get the bogus "pay up or else" screen.  Tried to follow the http://www.bleepingcomputer.com/forums/t/526306/ice-cyber-crime-center-virus/?hl=+ice%20+virus directions and was not able to restore.  Tried 348 first then 313 restore points.  Hope I did that right.  Anyhow, this is what I have done. 
Got CD with XPud and USB with driver.sh
 
here is the report.txt
 
Thu Apr 3 17:31:39 UTC 2014
Driver report for /mnt/sda1/WINDOWS/system32/drivers
9859c0f6936e723e4892d7141b1327d5 acpiec.sys
Microsoft Corporation
8fd99680a539792a30e97944fdaecf17 acpi.sys
Microsoft Corporation
8bed39e3c35d6a489438b8141717a557 aec.sys
Microsoft Corporation
1e44bc1e83d8fd2305f8d452db109cf9 afd.sys
Microsoft Corporation
d7701d7e72243286cc88c9973d891057 amdk6.sys
Microsoft Corporation
8fce268cdbdd83b23419d1f35f42c7b1 amdk7.sys
Microsoft Corporation
b5b8a80875c1dededa8b02765642c32f arp1394.sys
Microsoft Corporation
b153affac761e7f5fcfa822b9c4e97bc asyncmac.sys
Microsoft Corporation
9f3a2f5aa6875c72bf062c712cfa2674 atapi.sys
Microsoft Corporation
c2b6f2161abd498d2b453050ffc81812 ati2mtag.sys
9859c0f6936e723e4892d7141b1327d5 acpiec.sys
Microsoft Corporation
8fd99680a539792a30e97944fdaecf17 acpi.sys
Microsoft Corporation
8bed39e3c35d6a489438b8141717a557 aec.sys
Microsoft Corporation
1e44bc1e83d8fd2305f8d452db109cf9 afd.sys
Mic... Read more

Answer:Internet crime FBI center has locked computer

Also did the bash rst.sh.  Here is that report.
 
19.0M Apr 3 2014 /mnt/sda1/WINDOWS/system32/config/software
4.8M Apr 3 2014 /mnt/sda1/WINDOWS/system32/config/system
18.8M Feb 25 09:22 /sda1/~/RP316/~SOFTWARE
18.8M Feb 26 12:04 /sda1/~/RP317/~SOFTWARE
18.8M Feb 27 11:04 /sda1/~/RP318/~SOFTWARE
18.8M Feb 27 21:33 /sda1/~/RP319/~SOFTWARE
18.8M Mar 1 10:09 /sda1/~/RP320/~SOFTWARE
18.8M Mar 2 11:38 /sda1/~/RP321/~SOFTWARE
18.8M Mar 3 21:12 /sda1/~/RP322/~SOFTWARE
18.8M Mar 5 00:35 /sda1/~/RP323/~SOFTWARE
18.8M Mar 6 08:05 /sda1/~/RP324/~SOFTWARE
18.8M Mar 7 21:04 /sda1/~/RP325/~SOFTWARE
18.8M Mar 9 14:01 /sda1/~/RP326/~SOFTWARE
18.8M Mar 10 20:17 /sda1/~/RP327/~SOFTWARE
18.8M Mar 11 20:20 /sda1/~/RP328/~SOFTWARE
18.8M Mar 12 21:09 /sda1/~/RP329/~SOFTWARE
18.8M Mar 14 06:00 /sda1/~/RP330/~SOFTWARE
18.8M Mar 14 16:06 /sda1/~/RP331/~SOFTWARE
18.8M Mar 16 00:30 /sda1/~/RP332/~SOFTWARE
18.8M Mar 17 12:38 /sda1/~/RP333/~SOFTWARE
18.8M Mar 18 15:48 /sda1/~/RP334/~SOFTWARE
18.8M Mar 19 06:04 /sda1/~/RP335/~SOFTWARE
18.8M Mar 19 19:56 /sda1/~/RP336/~SOFTWARE
18.8M Mar 21 00:35 /sda1/~/RP337/~SOFTWARE
18.8M Mar 21 19:18 /sda1/~/RP338/~SOFTWARE
18.8M Mar 23 18:40 /sda1/~/RP339/~SOFTWARE
18.8M Mar 25 04:37 /sda1/~/RP340/~SOFTWARE
18.8M Mar 27 03:23 /sda1/~/RP341/~SOFTWARE
18.8M Mar 27 03:50 /sda1/~/RP342/~SOFTWARE
18.8M Mar 28 10:17 /sda1/~/RP343/~SOFTWARE
18.8M Mar 29 13:42 /sda1/~/RP344/~SOFTWARE
18.8M Mar 30 06:28 /sda1/~/RP345/~SOFTWARE
18.8M Mar 31 12:18 /sda1/~/RP346/~SOFTWA... Read more

16 more replies
Relevance 76.67%

Hi guys, been trying to resolve this stubborn bleep of ransomware from my brothers system, had this myself previously and removed with tools found elsewhere, but on this occasion, It seems somewhat more stubborn, 
 
Have tried 2 Bootable usb removal tools without success:
 
Panda virus removal tool
 
Kapersky virus removal tool
 
and following on from Kapersky, a system restore was attempted, but failed, as said the restore point could not be loaded and the file has apparently been deleted
 
Cannot load to desktop to be able to use the DDS tool.
 
System: Windows 7 Home Premium 64 bit
 
Have been unable to backup any data, but if possible I need to preserve files/ photos already on the machine.
 
Any help or instructions, much appreciated.
 
Thanks

Answer:PCEU Police E Crime Unit Ransomware removal help - Safe mode disabled - Stu

Hello Kruger I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", ... Read more

4 more replies
Relevance 75.85%

My specs
 
Dell Inspiron 1720 Laptop
windows vista home premium, Service Pack 2
32 bit
4 gb ram
 
Hello, my laptop will not connect to the wireless internet unless it is in safe mode with networking, along with not connecting to the internet it will not run microsoft security center and tells me i have to run it manually but computer wont do it manually eithier. These worked about two months ago but no longer do.  I have not added any hardware and have not applied any kind of updates besides for normal windows system updates.
 
I've ran all the 'fix it" solutions provided by microsoft but it does not fix the problem.
I've ran chkdsk /f /r multiple times back to back and it deletes corrupt files and then restores orphan files (its always the same ones)
I've ran windows update but that finds nothing
I've tried to run Malwarebytes but it has an error saying that it stopped working when i double click to open it.
I ran CC cleaner and it fixed a bunch of stuff but the problem still persists.
I've restarted and ran the diagnostic disc that came with the laptop but that doesnt fix the problem eithier.
I ran minitool box and did the following but it did not fix,
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions an... Read more

Answer:Wireless internet only works in safe mode + Microsoft secruity center wont work

Hi chris. What changes to softwares before this problem started? Was the computer infected by any malware or virus? Can you check if the wired or LAN connection is fine? If there is no problem with wired, Download then run Farbar Service Scanner and checkmark all boxes.Click Scan and then a Notepad text will open. Copy-Paste the report on your next reply. Download SecurityCheck.exe from Here. Run SecurityCheck and follow the instruction from inside the code box.. When the scan is finished, a notepad will automatically open as check.txt   Please copy and paste the contents here on your next reply. By the way, to Bleeping Computer

4 more replies
Relevance 75.85%

I was told to post in here to check my system for problems, my original post was http://www.bleepingcomputer.com/forums/t/540522/wireless-internet-only-works-in-safe-mode-microsoft-secruity-center-wont-work/
 
As the link above states:
 
My specs
 
Dell Inspiron 1720 Laptop
windows vista home premium, Service Pack 2
32 bit
4 gb ram
 
Hello, my laptop will not connect to the wireless internet unless it is in safe mode with networking, along with not connecting to the internet it will not run microsoft security center and tells me i have to run it manually but computer wont do it manually eithier. These worked about two months ago but no longer do.  I have not added any hardware and have not applied any kind of updates besides for normal windows system updates.
 
I've ran all the 'fix it" solutions provided by microsoft but it does not fix the problem.
I've ran chkdsk /f /r multiple times back to back and it deletes corrupt files and then restores orphan files (its always the same ones)
I've ran windows update but that finds nothing
I've tried to run Malwarebytes but it has an error saying that it stopped working when i double click to open it.
I ran CC cleaner and it fixed a bunch of stuff but the problem still persists.
I've restarted and ran the diagnostic disc that came with the laptop but that doesnt fix the problem eithier.
I ran minitool box and did the following but it did not fix,
Flus... Read more

Answer:Wireless internet only works in safe mode + Microsoft security center wont work

As an important followup, I have noticed that I have Muvic SmartBar and Muvic SmartBar engine installed on the computer on 3/31/2014. I did research on this and it says it is a third party application that comes with the Snap.Do virus.. I vaguely remember having remnants of this virus in the past but thought I had removed it..  
 
When I try to uninstall Muvic SmartBar from the add/remove options I get an error message saying "The windows installer service could not be accessed. This can occur if the windows installer is not correctly installed. Contact your support personelle for assistance."
 
When I try to uninstall Muvic SmartBar engine from the add/remove options nothing happens and I can just click uninstall forever.
 
I ran HitmanPro 3.7.9  and it found Snap.do and AskBar so I told it to delete them. After I restarted the computer in regular mode but the internet problem still exists and muvicsmartbar is still listed in add/remove.
 
I will not download or run any more tools/programs until furthur help here as been provided. Thank you so much to whoever takes on my problem!

more replies
Relevance 70.52%

Internet explorer will not work unless in safe mode. The help and support center doesnt work, nor a lot of other things. I can't install/remove most programs.

Panda Activescan will not run. I ran DSS in normal mode and I am posting in safe mode.

It will not allow me to attach extra.txt, there is nothing to select at the bottom to attach it.

Deckard's System Scanner v20071014.68
Run by Owner on 2008-04-07 12:15:00
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
42: 2008-04-07 19:15:06 UTC - RP366 - Deckard's System Scanner Restore Point
41: 2008-04-07 18:31:05 UTC - RP365 - Installed Windows XP Wdf01005.
40: 2008-04-07 18:30:00 UTC - RP364 - Installed Windows Installer KB893803v2.
39: 2008-04-07 11:25:59 UTC - RP363 - System Checkpoint
38: 2008-04-06 10:44:41 UTC - RP362 - System Checkpoint


-- First Restore Point --
1: 2008-02-28 01:34:24 UTC - RP325 - Made by Registry Mechanic


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:30 PM, on 4/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.0... Read more

Answer:Internet dead except in safe mode, virus?

Bump

12 more replies
Relevance 70.52%

Hi ,
I've just removed some viruses from my computer using BitDefender and it seems that my internet is pretty screwed . I've gone into normal boot to find that all of my network connections are missing in both of the folders "My network places" and "Network connections ." No icons whatsoever , just a blank folder . However , in safe mode I am able to access the internet and my connections appear regularly within their respective folders . I've tried re-installing my ethernet drivers in safe mode and normal boot . No luck . So , I thought that I'd be just fine running in safe mode , but unfortunately I want to be able to play my online game since Safe Mode is limited in colors , therefore I cannot play my game ><;

So , I was just wondering how I can restore my internet connection within normal boot ?

Thanks , Andrew

EDIT : My computer internet was working JUST FINE before the removal of the viruses .

Answer:No internet after virus removal, only in safe mode .

You could try running System Restore and going back to a time before the infection or you could try booting with your XP CD and performing a Repair.

3 more replies
Relevance 69.7%

I got a virus (some vista 7 virus?) used Rkill and was able to access internet through safe mode, as that was originally not possible. I have tried combofix, SAS, Spybot, everything and cannot get internet to work in non safe mode. I have Windows XP. Please help!

Answer:Crazed! Please Help- Can Only Access Internet in Safe Mode after Virus

Hello,Please follow the instructions in ==>This Guide<== starting at step 6.Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button. Since you have run ComboFix, please include the ComboFix log in the new topic.If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, include the information that you were unable to produce the other logs, include the ComboFix log, and describe what happens when you try to create the other logs.Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.Orange Blossom

16 more replies
Relevance 69.7%

so i have the fbi ransomware virus, don't know which variant, i can get into safe mode with networking but no connection, can't start any of my programs, can't boot from usb, i have win xp media, tried the xp malware removal instructions provided but i can't install and run anything, i tried kapersky, tried hitman pro but can't connect to the net so that didn't work, don't know what else to do, been trying this for about 15hrs so far, please i need help!, thanks., Larry
 

Answer:fbi virus, no internet in safe mode, can't start programs

Welcome to Major Geeks!

You should try the below procedure.

The Kaspersky WindowsUnlocker utility to fight ransom malware
 

1 more replies
Relevance 69.7%

Hi,

My sister's computer - XP SP3, Optiplex 755 - was recently infected with System Protection rogue av. After following instructions found at Beeping Computer, I removed Rootkit.Boot.Pihar.a with TDSSKiller and the rest of the rogue with Malwarebytes. I uninstalled the previous expired AV, McAfee Total Protection, from Add/Remove and installed Avast free. Everything seems fine and back to normal, but...

Since the removal procedure, the internet has not worked in Normal boot mode. It will ping, RDP and open files on networked computers but no browser will pull up a web page. In safe mode, however, web pages work fine. I've uninstalled and reinstalled IE, FF and Chrome but they all still will not connect. I ran McAfee removal tool and it found a few things but didn't resolve the issue (Security Check found no sign of McAfee afterwards, Windows firewall is off). Ran Dial A Fix, Winsockfix, uninstalled and reinstalled TCP/IP. Tried SFC /scannow as well as a repair install but issue persists. Route print and netstat shows nothing strange. I've created lists of services and tasks running in both normal and safe mode but there are literally three times as many services running normally so it's really not feasible to start turning them off and rebooting.

I'm trying desperately to not have to reformat. Of course, I may HAVE to but to wipe and reload for one thing is a disappointment.

Thanks for any help! I'd really appreciate any insig... Read more

Answer:After virus removal, internet only works in Safe Mode

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log c... Read more

1 more replies
Relevance 69.7%

Running Windows XP Media Center Version 2002 Serv Pack 3.

I would appreciate any help you could give on the following virus issues.....

Started with Microsoft Security Essentials virus, cleaned that with Malwarebytes free download. Everything seemed ok, then Started with multiple error messages like the following
Exception Processing Message (Windows No Disk)
You are running very low on local disk (c:) Low Disk Space
Windows Delayed write file
Windows unable to save file/system32/multiple numbers
Data lost caused by failure of your computer hardware
Critical error while indexing data stored on hard drive
System then rebooted.

I researched this and assumed that I had the Win HDDvirus. Actually did find these files on my pc and followed steps to remove the virus manually. This worked in that my PC was not rebooting or giving the messages anymore.

Then started getting redirected when searching on internet. Tried to find a good virus cleaner on line that was free. Downloaded ccleaner, Spywear Dr, Spynomore. All you had to pay for, so just ran the scans, but did not purchase to correct the errors.

Then internet stopped working altogether. Can't find server message.

Booting up in safe mode allows internet access fine, but still getting redirected.

A couple of times my antivirus software Trend Micro PCcillin would alert me to a virus such as agentt.nn or such and I would remove it.

PC start up is very slow and sometimes the pc just chugs away like it'... Read more

Answer:Multiple Virus Internet only in Safe Mode + Redirecter Help!

Hello and welcome. Please follow these guidelines while we work on your PC:Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
Please do not run any scans or install/uninstall any applications without being directed to do so.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.fs

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this linkDouble click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into... Read more

17 more replies
Relevance 69.7%

All websites display "Address Not Found" on my desktop, so I thought my internet connection was down, but my service provider said "it's up" and my wireless router is working and I can connect with my laptop.
Discovered that Start/Run is missing, Task Manager is disabled, can't boot into Safe Mode. Nortion AV won't run. Tried several AV removers and non run or if they run they don't find anything.
I can run Hijack This and get a Log, but not sure how to send it to you. I can burn the log to a CD or copy it to a flash drive but do I dare put the flash drive or CD into my laptop? I got the virus from my flash drive I think....since a friend has the same symptoms on his laptop and I used my fash drive to transfer files from his machine to mine when all the trouble started!!
Can anyone help???

Answer:Virus Disabled Internet, Safe Mode, Start Run

Hello and welcome to TSF.

Apologies for the long delay in response. We have a large number of HijackThis logs to handle and it?s taking us longer to catch up. If you haven?t received help elsewhere already and still require assistance please perform the following:

============================

Please download and install the latest version of HijackThis v2.0.2:

CLICK HERE to download the HijackThis Installer:Save HJTInstall.exe to your desktop.
Double-click on HJTInstall.exe to run the program.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Accept the license agreement by clicking the "I Accept" button.
Once installed do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

====================================
Download RSIT by random/random and save it to your desktop.
Double click RSIT.exe to start the tool and click Continue at the disclaimer.
When the scan completes it will open a log named log.txt maximized, and a log named info.txt minimized.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both here.

Please note that the forum is very busy and if I don?t hear from you in three days this thread will be closed.

3 more replies
Relevance 69.7%

I've had a nasty virus for months; I got rid of most of it but still had remnants like Google redirecting and hidden start menu options. Yesterday I ran Eset, TDSSkiller, HitmanPro, MBAM, Unhide.exe, and finally CCleaner and everything was restored and my computer worked perfectly, faster than it had been in months, etc. It was grand. Then this morning it started working really slowly on YouTube. I realized I had never restarted the computer after running the series of programs which finally got it working again (or so it seemed). I ran them again and restarted it. Ever since, the internet has not worked in normal boot mode and it's driving me crazy!! It works fine in Safe Mode w/networking; what have I done??? Please help!!

Answer:Removed virus, now internet only works in safe mode

Try this program, and see if it helps --> http://majorgeeks.com/Complete_Internet_Repair_d7183.html

Do you know what was the name of that nasty virus?

20 more replies
Relevance 69.7%

I am having an issue with my computer since I updated my iTunes and QuickTime and now anytime I try to open or run a program, it pulls up "view downloads" page and asks if I want to run or save the file. Neither option works as it simply re-opens another "view downloads" page and won't allow anything to run. I am operating in Safe Mode but same issue arises. See attached picture as anything I try to open goes to this page and keeps adding the same item over and over if you try to click run or save.
Can you steer me in the right direction?

Answer:Virus won't allow any downloads or internet in safe mode. Won't run antivirus

Hello,
Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.
Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.
If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

3 more replies
Relevance 68.06%

I recently attempted to clean my brother's computer after he aquired a virus from the torrent file program he uses. Regardless, I cleaned a trojan and a backdoor from his system from safe mode. I can not boot in normal mode. Everytime i try the system gets hung up at the windows loading screen then the screen turns black and sits there. I have to hard reboot. I ahve used a repar CD and i have come across an error 0x800700b7, i have also recived this when i tried to work around this problem "identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}"

OS= Win 7

Answer:System will only start in Safe mode, Clean virus in safe mode

You can spend a lot of time trying to fix the boot problem and clean the virus from the computer, or you can nuke it and reinstall Windows. I wouldn't bother trying to fix it, personally - I'd back up what I could and then I'd install Windows again.

9 more replies
Relevance 66.42%

ok i have a huge problem, i no virus scan capabilities in safe mode and in safe mode with networking, now i have tried to go back to reg. booting, and see if it is installed corectly, and from the looks of it, it is all icons and file folders are there and working.....now when im in either one of the two safe modes wither im on the amnstdr or mine the software will not open and it won't open, here is what comes up when i try to open it from program files:

"Faild to start the Symantec Management Client service. Error code returned:
0x8007043c
i am getting frustrated badly with this, i am running XP home ed. on an ACER aspier one, (say what you want but its practical) and as you can tell i am running live update/Symantec Endpoint Protection
and yes everything is up to date, i have waxxed the backdoor troj. with no prob. but i am needing help tring to fig. out how to solve this prob so i can make shure i completly killed the attack...thanx

Answer:No virus scan in safe mode or safe mode with netwrkg

Hi and Welcome to BleepingComputer,

Not all anitvirus programs work in safe mode, I don't know about Symantec but I do know my ZoneAlarm does not. I do not see the reason to run it in safe mode. If you are really wanting to run stuff in safe mode, run SuperAntiSpyware in it and just run your antivirus program in regular windows.

Btw, it sounds like you had something on there that has backdoor capabilities and if that is the case, then unless you reformat the computer, it will never be truly safe again.

11 more replies
Relevance 66.42%

Dell pc. Xp home edition. When in safe mode in registry. How do i bring the screen to the center to read it all?
 

More replies
Relevance 64.78%

I'm running windows xp media center edition 2005 on a Sony VAIO (Series R model number VGC-RA842G). Now for my problem, it's loads slower then normal on start-up and when it reaches the log-in screen it's crashes with the blue screen(of death). So I then tried to start it in safe mode and it fails to get past the partitations 85% of the time and when it does made it to the log-in screen I get the blue screen(of death). I've talked to my more computer sabbie friends and I even reached a sony tech support guy and what they all told me was that I have 2 options.
(option 1: friends told me)
put in the window xp media center intsall cd and try the repair.
(option 2: sony tech guy)
buy their recovery cd and completely restore my pc to out of the box specs(losing ove 2yrs of photos, files, etc.
Unfortunatly I did not get a CD copy of my OS with my pc so I can't try the repair option, and I really don't like the idea of losing my data. Does anyone know of any thing I can try to get my PC working again without having to completely wipe my hard drive?
 

More replies
Relevance 64.78%

Very often when I restart my computer I cannot access my network. Network and sharing center is hanging and cannot be access. Network troubleshooting does not find anything. I tried by msconfig sturtup to disable most of programs from starting, because obviously some program is creating this problem, because in safe mode I do not have any problem and can access network and sharing center. When I have this problem sometime system restore does not work or failed when I start it from repair console, but most of times, after that, when I restart computer network and sharing center is working. I spend tomuch time trying to fix this.
I would appreciate any help.
My system windows 7 ultimate 64, anti-virus Avira.
I am connected by Ethernet to my home network.

Answer:Network and Sharing Center is working only in safe mode

This solution may work. http://www.chicagotech.net/netforums...pic.php?t=2429

3 more replies
Relevance 64.78%

Just renewed Security Center (Virus Scan Plus and firewall) this spring...unlike my previous McAfee program, this one only opens in normal mode. Safe mode is where I usually run my scans. Anyone have thoughts on this? Can't seem to find an answer in McAfee support or FAQs.
 

Answer:McAfee Security Center won't open is safe mode

Many programs don't run in safe mode and this may be normal for McAfee. If it used to run in safe mode, and now it doesn't, try uninstalling, and reinstalling. Use this for the uninstall: http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
It's probably best to scan in normal mode anyway, as some viruses won't be 'active' in safe mode and may not be detected....

hd2k
 

1 more replies
Relevance 63.96%

Hello, after typing in "my computer only starts in safe mode" you guys were the number one site so here I am. I see there are a lot of threads concerning auto restarts and safe mode probs but I dont know if my problem is exactly the same. For the for the past 3 months i have been trying to figure out whats going on with my comp and its just getting ridiculous now. I have an HP media center running WinXP.

Every time i start my computer it boots and then restarts itself 2 to 3 times after which I get registry error problems saying that a registry file couldn't be found and that an old one had to be recovered. Then i get a message saying that there is no restore file. And now it will only start in safe mode.

I have run spybot, adaware, hijackthis etc.. And I brought it in to a local repair shop (Peters PC Repair) where i was told that I had a couple bugs but nothing was really wrong. But here I am typing this up in safemode with all the same problems. Im at my wits end, what can I do?
 

Answer:My media center is really messed up auto restarts, safe mode only etc....

This kind of sounds like a memory issue. I've seen the registry problem you describe when there are errors with the RAM. I, however, haven't seen it go the extent of your PC only starting in safe mode. Usually the "blue screen of death" appears. However, you have been at it for three months.

Also, I've seen restart issues with Dell PCs after an SP3 update.

Just for giggles, try running Memtest86, ver. 3.5, and here is a link:

http://www.majorgeeks.com/Memtest86_d1247.html

After downloading, open the contents, and burn the ISO. That is, make a CD-ROM.

Place it in your drive, and re-boot. Errors will be listen on the right side of the screen. Let us know the results.
 

7 more replies
Relevance 63.96%

I have the FBI MoneyPak Ransomware or the Reveton Trojan on a Windows XP Media Center Edition desktop. I am typing this from a laptop. The guide suggest booting up in Safe Mode with Networking but it won't let me go in Safe Mode at all. Is it now time to use a Bootable Antivirus CD?

Answer:Will not load Windows XP Media Center Edition or Safe Mode!

I'll report this topic to appropriate helpers.
Hold on there...

15 more replies
Relevance 63.96%

Hello Everyone,This is my first post here at bleepingcomputer, although I use it frequently for help in my job (IT Manager at a large virtual school setting). I need help...Symptoms: I have a computer infected with a type of fake Windows Security Center which continues to show bubbles in the system tray, along with a replica of the WSC shield icon. Desktop also shows an image of "Detected Spyware! System error #384 (this could be remnant of another virus/malware which was removed from the solutions below and left behind as a background image).Attempted Solutions: I have had the user run MalwareBytes, Super AntiSpyware, smitfraudfix, and Dr. Web all in Safe Mode. None have completely removed the malware, and the malware does run in safe mode.Any help will be greatly appreciated. Thanks in advance.Here is a hijackthis log run in safe mode.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:55:44, on 3/22/2010Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Safe mode with network supportRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Symantec Shar... Read more

Answer:Fake Windows Security Center - Runs in safe mode cannot get rid of it

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the results.Foll... Read more

2 more replies
Relevance 63.96%

I began getting Security Center alerts, along with ProVirus alerts (?) yesterday. My typical route of removing it via Malwarebytes was rendered helpless due to the virus seemingly blocking the program. I removed Malwarebytes, reinstalled it, renamed it and was never successful. I also tried Avira antivirus without success either. Virtue of a forum post I found the idea of searching for a file named with a random set of numbers which is saved in the "application data" folder. I found this file and deleted it, but problems still persist. I also found a new folder (and desktop shortcuts) for "Active Security" which I was able to delete except for one file (coreext.dll). which still remains in the folder within my "Progam Files" folder. Attempting to restart in safe mode results in the BSOD with a message that (paraphrasing) windows is not loading to protect my PC.
DDS (Ver_09-10-13.01) - NTFSx86
Run by Jonathan.Millican at 11:42:52.71 on Thu 10/22/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3038.2383 [GMT -5:00]

AV: Active Security *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\s... Read more

Answer:Security Center alerts, BSOD in safe mode start

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.Please download OTL from following mirror:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.Click the "Scan All Users" checkbox.Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.txt <-- Will be minimizedIn the upper right hand corner ... Read more

2 more replies
Relevance 63.96%

I have an HP Pavilion that had a hard drive scramble. I had to restore it by using the HP recovery disks. It seemed to be working fine. Downloaded and installed Service Pack 3. Now it boots into safe mode but won't boot without using safe mode.

I have tried a bit of evrything I know but can't seem to get it going. Anyone have any ideas?

Answer:XP Media Center Edition 2002 Won't boot except in safe mode

Hi and welcome to TSF did you try system restore from safe mode to a point prior to installing sp3 you can reinstall it but download it to your desktop and do it from there it may have gotten corrupted during the download Download: Windows XP Service Pack 3 Network Installation Package for IT Professionals and Developers - Microsoft Download Center - Download Details
don't worry about the wording etc it should be fine

2 more replies
Relevance 63.96%

What happens if you go to repair your computer instead of going safe mode command? Is it bad? If not, what should I do to remove the virusEdit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

Answer:ice cyber crime center

Hello and welcome to Bleeping Computer. Please take a look here: http://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-ransomware

2 more replies
Relevance 63.55%

Hello all-Very nice forum here, btw. Learning quite a bit. I've been reading for the past few days trying to resolve my system issues myself - I think it's time to post.Problemon Boot -- computer completes Post, brings up windows XP Media Center Edition Splash, then goes blank. (yes, I've read the sticky post on boot issues... video card/drivers is my next check, but I don't know how -- plz read on why.)Specs:Dell E520Windows Xp, MCE05U (Media Center Edition 2005)Processor, 6300, 1.86, 2M, Core Duo-conroe, Burn 2Dual In-Line Memory Module, 1G 533M, 128X64, 8, 240, 2RX8 Hard Drive, 320GB, S2, 7.2K, 16M Unleaded, SeagateDvd+/-rw, 16, Toshiba Samsung Storage Technology Serial AtaGraphics, 7300, Low Encryption, MRMGA10No PS/2 PCI for mouse or keyboard -- only USBSystem is in warranty for 20 more days as of post - I am helping out a friend - it is not my computer.Detailed Description of problem and current attempts to troubleshootUser says no new software was loaded on machine prior, says problem never occurred before. Does run windows automatic updates in the background) I asked him to boot to safe mode and run virus scan. He did, no viruses reported.I now have the machine.Attempted to boot in safe mode without networking, get the safe mode 4 corners on black screen, then log in page. Neither mouse nor Keyboard function (though both are clearly getting power - light indicator on keyboard - laser on optical mouse illuminates.)Reboot and checked BIOS settings -- no... Read more

Answer:WIN XP-Media Center Edition05 - boot issue, no safe mode, no recovery cd

to the BC forums.WOW!!! Excellent work and an exceptionally brilliant post. I like it!Let's try this for starters:Since there is no problem with the hard drive ...Start the Recovery Console using a Windows XP CD (doesn't matter - Pro or Home)Do the following ...1. Insert the CD in the computer's optical disk drive tray.2. Start or re-start the computer so that it boots from the CD. You may be prompted to "Press any key". (If the system does not appear to be booting from the CD, you may need to enter the BIOS Setup Menu and change the boot order, so that the CD-ROM/optical disk drive is set to boot before the hard disk drive.)3. When the Welcome to Setup screen appears, press the R key on your keyboard to start the Recovery Console.4. The Recovery Console will ask which Windows installation you would like to log on to. If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press the <ENTER> key. If you have just one Windows installation, type 1 and press <ENTER>.5. You will be prompted for the Administrator's password. If there is no password, (and this is most likely), simply press <ENTER>.6. You will be presented with a C:\Windows> prompt. <<< Let us know if you do not see this.At the C:\Windows> prompt, type chkdsk /p and press <ENTER> (There is a space between chkdsk and the slas... Read more

29 more replies
Relevance 63.55%

Hi guys...it's me again. >_<;
So I have this fake security center coming up, telling me to install an antivirus. It looks like windows security center, but it's not because the only option it has it 'enable protection.' I saw a similiar problem someone else had, and tried to follow their instructions, but unfortunately, it involved downloading smitfraud and rebooting in safe mode, but my computer wont do any form of the three safe modes it offers. Furthermore, when I click on a link from google (such as trying to find this forum) it sends me to some off search website (like offprowl). It's never done that before. The only way to get to the actually site is to press cache. ): Also,anytime I try to run SAS the fake security center pops up and exits out of it. I tried the runSAS thing, and that does the same thing after it scans.
...
and it does it with my HJT log.
D:
Thank you so much in advance. I'm sorry. ):
 

More replies
Relevance 63.55%

Okay, I'm posting about a few concerns here, and I'd -really- appreciate any help I can get.

I also posted this in another forum, as I figure two heads are always better than one, and I can see what I get for suggestions on both sides.

Concern number two and three are my main priorities at the moment.


*****Concern number one***** (NOTE: apparently resolved on other forum... on Vista, Hosts files are blocked from access? )
When running Hijackthis, I get this error:
http://i82.photobucket.com/albums/j2...ko/hostss1.png

When I press okay, I then get this message:
http://i82.photobucket.com/albums/j2...ko/hostss2.png



Why is this, and how can I fix this?


Here's the HJT log I get, anyways. Not sure if it has everything scanned because of the above errors:


Logfile of HijackThis v1.99.1
Scan saved at 1:50:25 PM, on 5/25/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark 2500 Series\lxddmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\Program Files\Common Fi... Read more

More replies
Relevance 63.55%

I was browsing the internet the other day when I clicked on a link and my computer shut down. I immediately knew it was a bad link. My computer rebooted and it wouldn't let me on IE after that at all. I then did a restore to the previous day. I was about to get online so I went and downloaded Kaspersky IS and scanned my computer. My laptop messed up and rebooted itself. Then got Anti-Malware Bytes in Safe mode and ran a scan, still had issues Kaspersky not running right and my computer freezing after just a couple of minutes. Went back and did a restore again to the same spot and this time said forget Kaspersky and jsut did AMWB. It showed my computer is clean, yet about 2 minutes after booting, my computer reboots and the safe mode option pops up. I can run ok in safe mode but cannot get it to work in normal mode. I did trend micros housecall and another online scanner and all say my computer is clean. Yet, when I start IE, I am redirected on every link I click to scour..... or another site with links on it. Any help is greatly appreciated, as well as a recommendation for a better Anti-virus. I jsut had McAfree that came with this laptop. Thanks!






.
DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Mom at 1631 on 2011-06-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1805 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes =... Read more

Answer:Only runs in safe, redirects even in safe, reboots in normal mode..no virus' found

oh and Malwarebytes did block a 91-207-192-22 port 49179 svchost.exe

9 more replies
Relevance 63.14%

Hello everyone,
 
Today appeared on my screen the ICE Cyber Crime Center virus message. I have been looking at solutions online, and came accross the following solutions on your website:
 
http://www.bleepingcomputer.com/virus-removal/remove-ice-cyber-crime-center-ransomware
 
I have followed each step and I am now stuck at the step 9.
 
My issue is that I am using a computer with Windows 8, and cant find the access to the boot mode. I have tried to press F12, after having restarted the computer through the "shift+restart" menu. It didn't bring me to the boot menu.
I have also tried to restart the computer in the safe mode, using the following path:
  shift+restart menu -->  troubleshoot --> advanced option -->  start up settings --> restart --> safe mode (and tried with safe mode with networking
My computer restart, I enter my password, then it restarts again, I re-enter my password and then I come back to the ICE screen.
 
I do not understand how to get to the boot menu under windows 8, and did not find anything on bleeping or elsewhere to find out what to do.
I tried to run a restoration point, which did not work as :
an unspecified eror occurred during the system restore (0x81000204)
 
I tried to run it getting back at different date, without any success.
I need to save some datas as this is on my work computer and would like to avoid as much as possible to lose them.
Please advice.
scoubri

Answer:ICE Cyber Crime Center with Windows 8

So, I made some progress here ...
I finally could access the safe mode after having ran a "refresh your pc" ... I have no idea why, but was happy to get there.
 
I installed and run "Malwarebytes' Anti-Malware Pro" that cleant quite a few things.
 
I then installed and run "Eset Nod32 Pro", that also cleant many problems.
 
I think my computer is virus free now, but I still cant get to run back to the normal boot mode.
I can access the "msconfig" page and I see that my windows is starting in a "Selective start up". When I change it to "Normal start up", apply and restart. It doesn't restart as "normal" but still as "selective".
On the "boot" tab of msconfig, the "safe boot" is unchecked.
I am stuck here.
I dont know what to do to get it back to the way it should be!
Please give me a hand ...
 
thanks;
 
scoubri

4 more replies
Relevance 63.14%

hi: I'm using Windows XP. When I turn on my PC and log in, the screen immediately goes to some bogus warning from the "ICE Cyber Crime Center" demanding a payment to "unlock" my PC. I literally cannot access anything else on my PC. The only way I can shut down the PC is to turn off the power. A few months ago I got some help from this forum to remove some viruses. Although it seemed to work at that time, my PC never really did behave normally after that -- extremely slow, and IE8 would lock up anytime I had anything with a lot of graphics or more than one tab open. I'm sorry I can't load any DDS scans or anything else, but as I said, I literally can't access anything on my PC. You guys have always been WONDERFUL help before, and I'm hoping you can help me out here again. Thanks.

Answer:hijacked by ICE Cyber Crime Center?

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

If necessary, download and run the tools in Safe Mode with Networking: Restart your computer.
After hearing your computer beep once during startup, but before the Windows icon appears, start pressing the F8 key.
In some systems, this may be the F5 key.
Instead of Windows loading as normal, a menu should appear.
Use the up arrow key to highlight Safe Mode with Networking and press 'Enter'.
Login on your usual account.
------------------------------------------------------

19 more replies
Relevance 62.32%

This occurred on two dell inspiron windows 7 computers:
 
After removing the ICE Cyber Crime Center ransomware with Hitmanpro Kickstart I am no longer able to boot to windows. I only can get the screen where you can choose to run startup repair or start windows normally. Both choices cause computers to automatically restart themselves over and over. Tried to restore one to factory condition and after going through all the recovery disks and restarting, the same screen with startup repair and start windows normally appears. It did not reformat. So I tried Killdisk to reformat it and same result. It returned to the same screen with startup repair and start windows normally.
 
Does anyone have any idea what I can do next?

Answer:Problem after removing ICE Cyber Crime Center

Posted link on Umbootable Due To Malware List.
 
Please be patient, someone from BC Staff will assist you shortly.
 
Louis

24 more replies
Relevance 62.32%

OK ... Not sure what caused this but ....

When I got home, computer was in blue screen. Unplugged and rebooted. Hung at Starting Windows. Unplugged again and rebooted. Selected user and continued on. Hung after desktop image was downloaded and normal desktop was presented. If I moved the cursor to the task bar, got hour glass. Could not get task manager to appear and could not start any program.

Booted in safe mode with networking. Opened firefox in safe mode and it was really funky. Could not get to techguy.org. Showed some porn. Basically, it was highjacked.

Ran hijack this (probably an older version) which I then copied onto flash drive and copied onto my laptop for posting here.

Need help, thought I'm concerned that I won't be able to download any programs you suggest onto the affected computer.

Thanks,
Dave
Logfile of HijackThis v1.99.1
Scan saved at 9:42:33 PM, on 12/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h... Read more

Answer:Virus - browser issues in safe mode/hangs in normal mode

7 more replies
Relevance 62.32%

I have ran multiple malware removal programs, including hijack this. I have a clean network connection in safe made. Something is blocking the lan network connection in Normal Mode.

Here are a few log files

View attachment mbam-log-2010-09-22 (22-03-03).txt



View attachment hijackthis.log
 

Answer:Virus Removal (no network connection in normal mode) only in safe mode))

You did not complete all of the below:

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Pleases follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide


and attach the requested logs when you finish these instructions.

**** If something does not run, write down the info to explain to us later but keep on going. ****
Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.


After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain ( if any still do )!
Helpful Notes:


If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:

Starting your computer in Safe mode

If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes ( links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
If you cannot seem to lo... Read more

14 more replies
Relevance 62.32%

Hi All,

Been having this problem since yesterday. Whenever I start up windows, it freezes after a couple of minutes. Tried going into safe mode to run virus scan (Avira and Malwarebytes) but both freeze halfway through scanning and I have to do a hard reset. No idea at all what is wrong with it.

Also find that when I try to open Adobe PDF Reader, it shows this message when I am in normal mode. 'The windows installer service could not be accessed. This can occur if you are running in safe mode, or if the windows installer is not correctly installed.' Right after that, it freezes. Not sure if that's relevant.
Please help me! Thanks a lot in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:22:47 AM, on 2/4/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Pro... Read more

Answer:Computer freezes in normal mode after a few minutes and then in safe mode when running virus scans

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. [/b]If you are unsure about any of these caracteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.Please include a clear description of the problems you're having, along with any steps you may have performed so far.Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Even if you have already provided information about y... Read more

3 more replies
Relevance 61.91%

Some photos and mail seen only SAFE mode - - but not regular mode in BOTH Internet explorer AND Firefox. Hi for some reason I am no longer able to look at Just SOME photos on web sites on this One Win7 computer, nor See my email in Yahoo main INBOX , , , unless I am in SAFE mode. Not sure how to tell what I did wrong or if missing dlls or other settings. But does work ok just in SAFE mode. However I also get the Blue screen of death once in a while. Below is what I got when doing the "hijack scan" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:09:06 PM, on 4/23/2013 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v10.0 (10.00.9200.16537) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe C:\Program Files (x86)\ASUS\ASUS Instant On\AsInstantOn.exe C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe C:\Users\JIMMY\AppData\Local\Akamai\netsession_win.exe C:\Users\JIMMY\AppData\Roaming\SearchProtect\bin\cltmng.exe C:\Users\JIMMY\AppData\Local\Akamai\netsession_win.exe C:\UPS\WSTD\WSTDMessaging.exe C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe C:\UPS\WSTD\UPSNA1Msgr.exe C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe C:\Program Files (x86)\ControlCent... Read more

More replies
Relevance 61.91%

PLEASE HELP!
My internet will not work in regular mode, only safe mode with networking. My trading platform works perfectly in regular mode so I know my connection is ok. I have done HijackThis and have come up with this report..

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:19:52 PM, on 10/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Big Wayne\Desktop\HijackThis.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Fil... Read more

Answer:[SOLVED] Internet explorer will not work in regular mode, only safe mode w/networking

Quote:





Originally Posted by wleger2981


PLEASE HELP!
My internet will not work in regular mode, only safe mode with networking. My Norton is out of date as well, but as soon as I get back up and running I will install a newer version..ANy help on this matter is greatly appreciated..




Please do not post your Hijack this logs here. Due to Forum Rules we cannot assist in malware removal here. Have you tried a different browser (Chrome, Firefox etc)? When you say IE only works in Safe Mode with Networking, Do you mean you boot the computer normally and use IE (safe mode) or are you booting the computer into Safe Mode with Networking? In other words you can't boot normally?
If you feel you are infected, please click on the Virus/Trojan link in my signature and post there for more help.

4 more replies
Relevance 61.91%

Hello everyone,

I have a Dell Optiplex GX270 with a pentium 4 processor, yes I know, old, but it works. It is running on Windows XP Pro, version 2002 with service pack 3. I have cable internet connected to a Linksys WRT100 router. As of late, my computer has been acting a little funny. I cannot seem to browse the internet for more than 5 minutes (with either Firefox 3 or IE 8) in normal mode, but the computer shows that I am connected to the internet. I was connected via a usb wireless adaptor, but since it has been acting strange, I have removed the wireless adaptor with the software and am now connected through an ethernet cord to the router which is connected to the cable modem.

The internet works fine in safe mode with networking though. Plus, in normal mode, I am able to update services such as McAfee virus scan and Spybot, as well as remote connect to another computer, which require internet although the internet browsers say that it is not connected. I have ran Spybot, Ad-Aware, and McAfee virus scan already as well, all have not found anything. My roommate's laptop is able to connect to the network, via ethernet and wireless adapter, thus I do not believe it is either the router or modem. In device manager, my network adaptor icons did not show either an "x" or "!" icon. I have tried "WinsockxpFix" but that does not seem to solve my problem. I have tried going into "msconfig" to disable all of the "startup" pro... Read more

Answer:Internet only works in safe mode or for short time normal mode

10 more replies
Relevance 61.91%

I have tried to run IE7 in normal mode and I always get a "The address is not valid" window. I have a good internet connection and Firefox works flawlessly. I do not have connection problems. If I ran IE7 in Safe Mode with Networking, I can bring up webpages with no problems. I thought that upgrading to IE8 would cure the problem but I am still getting the exact same problem. I have tried checking many things and have tried many suggestions that I have found through web searches but nothing works. Please help!

Answer:Internet Explorer will work in Safe Mode with Networking but not in normal mode

what firewall do you have

1 more replies
Relevance 61.91%

Hi guys,

I am having this problem since couple of days, my wireless internet connection is working fine i can go in my messenger but i cant browse any websites at all in normal mode.. i tried piniging these websites it comes back fail. but it works totally fine in safe mode, pls pls help me out as I have to study for my exams.

Thanks guys
Sunny
 

Answer:My internet not working on normal mode but works fine in safe mode PLS HELP

10 more replies
Relevance 61.91%

I just did a clean re-install of Vista x64 on a new hard drive (old drive crashed). Here's the problem:

Using my ISP (Roadrunner Carolinas) speed test site; I get around 200 to 400 kbps download speeds using IE in normal mode. If I boot to Safe Mode, I get around 3500 to 4500 kbps, which is what it should be (this is what I used to get in normal mode before I re-installed Vista).

Running the same speed test with Firefox, I get around 1500 to 2000 kbps in normal mode, but if I try to download a file it transfers at only the 200 to 400 kbsp rate (if I'm lucky).

Here's more detail about the system and what I've done so far:

Installed all updates including SP2.
Using Windows Firewall, no anti-virus.
Updated network drivers directly from NVidia (Chipset is nForce750i)
Updated graphics card drivers directly from NVidia
Disabled all LAN protocols except for Client for Microsoft Networks and IPv4
Connected via ethernet cable directly to cable modem, no router.
I've deliberately refrained from loading anything but the basics until I can get this sorted out.

This really the second clean install I've done in 24 hrs. After the first one, I upgraded and added a lot of software and add-ons before I figured out the connection problem; so I decided the easiest fix would be to re-format and start over, checking each step to see what caused the slow-down. Unfortunately once I did the second clean install I tested right away and I had the connection problem from the get-go. Since then... Read more

Answer:Vista x64 new install: Slow internet connection in normal mode; fast in safe mode

run msconfig and uncheck startups that you are POSITIVE are safe to do so. See if your speed picks up. Then allow one startup at a time.

MSCONFIG: speeding up Windows Vista startup

7 more replies
Relevance 61.91%

When I open IE it just stays as a blank screen a warning use to appear saying something about an appcrash but I messed around with it reset the settings. Also system restore wont work neither will a recovery, Im really in need of some help here.

Answer:Help Internet explorer wont work in normal mode, only in safe mode Windows Vista

Please post the exact warning. It should mention a particular App.

11 more replies
Relevance 61.91%

Just a general question:1. When doing a routine scan for viruses and malware, etc. (and just generally speaking), is it better to scan in safe mode or regular mode? 2. If you scan in safe mode, is there anything that wouldn't show up (that you could potentially miss) that *would* show up in regular mode? 3. Or is safe mode just better all around, and everything is covered (plus more) that you'd find with scanning in regular mode?(I'm referring to scanning with AVG A/V, AVG Anti-Spyware, SpyBot (old version), and Ad-Aware SE.)Thanks!

Answer:Better To Scan In Safe Mode Or Regular Mode For Virus/malware?

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert itself and hide in these protected areas when the files are being used. Using "Safe Mode" reduces the number of modules requesting files to only the essentials to make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files. Using your anti-virus and anti-malware tools, in "Safe Mode" also speeds up the scanning process. Read "Beginners Guides: Windows XP Safe Mode Explained" and "What is 'Safe Mode' used for and why?"

4 more replies
Relevance 61.91%

Actually I've Just Got Changed My Laptop Keyboard And They have Charged 3500rs For Keyboard Only And I Have Checked Tht Keyboard price on Internet And The price Is Between 600 to 1200 And They Have Charged 3500. I Can't Understand Why They Have Charged Extra Amount From Me. Actually I Belong To Middle Class family and My Parents Can't Suffer This Loss. So, Please Help To Resolve my Problem And Adjust My Paid Amount.

More replies
Relevance 61.91%

I read the ICE Cyber Crime Center Ransomware Removal Guide posted by Lawrence Abrams on June 6, 2013.  I booted the HitmanPro program form a USB drive as directed and found one trojan file that was associated with FlashPlayer. Instructed HitmanPro to delete the suspicious file, then rebooted computer. Still infected with ICE Cyber Crime  Screen Locker.  Ran HitmanPro program again, but it did not find any other suspicious files.  Still cannot get past the ICE screen locker with normal boot-up.  What should I do next?
-pwt57
 

Answer:ICE Cyber Crime Center Ransomware Removal Guide

Hello pwt57 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", t... Read more

10 more replies
Relevance 61.91%

Hello again another virus. This time my office computer. Windows 7 networked.My boss called me and after hours he went to print his reports and told my that the main server has been blocked by ICE Cyber Crime Center. I went on line and saw that it's a virus. Can anyone help me fix this?

Answer:I need help fast! ICE Cyber Crime Center has blocked computer

Please follow the instructions in the following link and post your logs in the thread you create: http://www.computerhope.com/forum/index.php/topic,46313.0.html

14 more replies
Relevance 61.91%

Hi all, my laptop has been acting crazy the past couple of days. First of all, I was watching a movie on it and it just shut down. when I tried restarting it in normal mode i would get to the welcome symbol after what seemed an eternity of loading, but then the screen just went black. when I opened in safe mode with networking, everything was fine. So then I went to msconfig and unchecked the two items i was allowed to. rebooted the system and I could get into normal mode again.

So the problem now is that normal mode is acting like safe mode meaning that the bottom toolbar looks the same as in safe mode as well as any of the other open windows. also, after i tried restarting it again, i get this dialogue when I try to connect to my wifi " the dependency service or group failed to start.".

thanks for any help.

Answer:normal mode acting like safe mode and now internet not working

also, other hardware is not working such as audio and printers.

3 more replies
Relevance 61.91%

Ok, I'm sure I'm missing something simple, but I have looked everywhere.I have a T60 running Windows XP Pro w/ SP3.  About 72 hours ago, I lost the ability to access the internet via my browser (IE7) while running in normal mode.  Works fine in safe mode with networking.  I am connected to a home network using wireless.  Router and modem all check out fine, and have been rebooted.  A 2nd laptop was brought in to verify and worked fine.  T60 will not allow internet access with wired port or wireless port in normal mode.  My desktop computer works fine on same network.The only update I've made recently is the update to the WiFi driver from Lenovo a few days ago.  I've even rolled back to the previous driver and still cannot stay connected to the internet for more than maybe 1 minute in normal mode after bootup and loggging in.I've run every Malware/anti-virus program known to man and have found nothing (Malwarebytes, Spybot, A-Squared, etc.)I've run several Rootkit tools and found nothing.I've disabled, removed and reinstalled my Norton Internet Security software and made no difference.  (same version running on my desktop and working fine.  Same version that has been running on this laptop for months and working fine.)I've done Registry restores (from a backup) and repairs and no change.I've removed and reinstalled IE7.I've run Hijackthis and had the info analyzed, found nothing.I've tried winsock repair tools, "netsh" reset co... Read more

Answer:Internet access works in safe mode, but not in normal mode

Hi mle724,I would suggest restoring your system to factory settings. On an aside note, have you tried using an alternative broswer like Safari, Mozilla, Opera, Chrome, yada, yada, yada?Hope it helps.





------------------------------------------------------------Maliha (I don't work for lenovo)ThinkPads:- T400[Win 7], T60[Win 7], IBM 240[Win XP]IdeaPad: U350Apple:- Macbook Air [Snow Leopard]Did someone help you today? Compliment them with a Kudos!Was your question answered today? Mark it as an Accepted Solution!   Lenovo Deutsche Community     Lenovo Comunidad en Espaņol Visit my YouTube Channel

1 more replies
Relevance 61.91%

This happened between uses while notebook was in standby mode.  One day everything worked fine, next day had no access to Internet via browser or e-mail in Normal mode except via WinSCP (secure FTP utility).  In safe mode, had access to Intenet, whether browser or e-mail.  OS is WinXP Pro.  Tried everything I could think of, including unistalling firewall & anit-virus.  Any ideas?

Answer:X61 gets access to Internet via browser in safe mode but not in normal mode

I think your pc might have some virus. Scan your pc with free online scanner here a links to some. www.eset.com/onlinescan/support.f-secure.com/enu/home/ols.shtmlhousecall.trendmicro.com

2 more replies
Relevance 61.91%

Hi, this is my first post on SevenForums.

My internet speed is really slow. I'm lucky if I can reach 1Mbps when I start up Normally. However, when I start up in Safe Mode with Networking I can reach 12Mbps.

The computer is fairly old (8/9 years old maybe) and I've only just upgraded from XP to Windows 7 Ultimate 32bit. When I was running XP I connected to my router using a Linksys USB wireless network adapter. After upgrading to Windows 7 I couldn't use the Linksys anymore as I couldn't find any drivers so I installed a Belkin Desktop PCI Card F5D5000. I managed to connect to the internet straight away and this is when I first noticed the slow speed. I've updated the drivers directly from the Belkin site but it hasn't improved the speed .

I've tried connecting to the same router using WiFi on a laptop and the internet speed is fine (14Mbps). I contacted my ISP Talk Talk and asked them to test the connection but they didn't find any faults with either the line or hardware.

I've also tried switching off my Anti-Virus program but this doesn't make a difference either.

Could anything else be slowing the internet down? Any ideas would greatly appreciated.

Dave

Answer:Very slow internet in normal mode but fast in Safe mode

Hi Dave, and welcome to SevenForums!

I'm not an expert in this area but I suggest you try a Clean Boot as next step. You disable all non-MS services and reboot. If that works you can enable one service at a time to find out if it's a specific service that is causing the slow Internet.
How to perform a clean boot in Windows
Clean Boot assumes the problem is not with Windows itself but a 3rd party product or conflict, while Safe Mode loads minimum necessary drivers etc and without any start up programs.

It could also be caused by malware, that in Safe Mode isn't allowed to start during normal autostart procedures. So scan with a couple of good antivirus/antimalware products, for example Malwarebytes | Free Anti-Malware & Internet Security Software

8 more replies
Relevance 61.91%

Hi,

My Internet is not working in normal but works fine in Safe mode. This weird thing started 2 months back and it's continuing. Its really frustrating. Could some body please help me...

I have followed the 5 steps that were mentioned ..

1) I have Installed AVG recently.

2) Run an Online scan
Could Not complete as I am unable to connect to Internet in Normal mode. I am able to connect Internet in Safe Mode Only.
Unable to run Panda Active Scan in Safe mode.

Step 3) Installing Immediate Protection
Installed Spy Blaster.
Installed IESPYPAD.
Step 4) Update your Operating System
I am on Microsoft XP Home SP2 and IE7.

Step 5) The log files

Deckard's System Scanner v20071014.68
Run by murthy on 2008-08-29 22:03:21
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as murthy.exe) ----------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:42 PM, on 8/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\sy... Read more

Answer:Internet working Safe mode not works in normal mode

Bump Please.
 

1 more replies
Relevance 61.91%

Hi! I'm just a new here, hope someone can help and give advice here. (Sorry if this is not the right thread to start my topic)

Scenario: (this is my first time to encounter this problem)

While playing facebook games last monday, my computer get BSOD and restarts. After booting up on windows, I found out that my internet connection was gone.I tried to restart but still no connection. I use my laptop and other PC to checked if there's internet and yes they are still connected. I restart my pc again and found out after boot up a message box appear says "No AMD graphics driver is installed, or the AMD driver is not functioning properly. Please install the AMD driver appropriate for your amd hardware"

I did uninstall / install my driver but the message box still prompting after restart.
Still no internet connection.

Anyone experience this?
Sorry for my bad english.

Specs:
Intel i3 2120
Asrock H61 U3S3
Sapphire 7770 OC Edition
500 WD Blue
4GB Geil DDR3 1333mhz
550w Hec Cougar 80

Answer:No internet in normal mode but works in safe mode with networking

The first thing i would do is stay in safe mode and run a virus scan.

-edit-
Also check for a system restore point.

Use your Install DVD. When on the install now screen choose repair in the left side of screen. Select your OS. Then When at the GUI select system restore. Choose a date before all this happened.

9 more replies
Relevance 61.91%

Below is my DDS log. Attached is my attach file. Even in safe mode, my internet explorer and firefox seem to be hijacked and taking me to different sites.

DDS (Ver_09-03-16.01) - NTFSx86 NETWORK
Run by Donald Ford at 11:29:46.42 on Tue 04/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft? Windows Vista? Home Premium 6.0.6001.1.1252.1.1033.18.1982.1396 [GMT -4:00]

AV: Rising Internet Security *On-access scanning enabled* (Outdated)
FW: Rising Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Windows\Explorer.EXE
C: ... Read more

Answer:Internet only in safe mode and normal mode won't run antispyware programs

Hello and welcome to Bleeping ComputerWe apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.If you have already posted a DDS log, please do so again, as your situation may have changed.Use the 'Add Reply' and add the new log to this thread.Thanks and again sorry for the delay.We need to see some information about what is happening in your machine. Please perform the following scan:Download DDS by sUBs from one of the following links. Save it to your desktop.DDS.comDDS.scrDDS.pifDouble click on the DDS icon, allow it to run.A small box will open, with an explaination about the tool. No input is needed, the scan is running.Notepad will open with the resul... Read more

2 more replies
Relevance 61.91%

i had this problem last month ran the entire malware process had some malware got rid of it thanks but this problem is reocurring. All scans show im clean but cant browse or use any internet apps in normal mode and alls fine in safe mode.

PLEASE HELP THANKS
 

Answer:Internet works in vista only in safe mode and not normal mode

My first suggestion would be to get into msconfig and uncheck as much as you can in the startup tab. See if you can then use IE or whichever browser you use. If it works, then slowly add items back until you find the culprit.
 

24 more replies