Can only work in Safe Mode

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Kasem1975, Sep 23, 2012.

  1. Kasem1975

    Kasem1975 Private E-2

    Not sure where the problem is. My PC will only run in Safe Mode at the moment.

    I can run Vista normally but it freezes up every few minutes and it is impossible to perform any tasks in normal mode.

    I have run Malwarebytes but nothing, so I think there must be a root problem.

    What can I do apart from READ & RUN ME FIRST thread, as I cannot turn off UAC?
     
  2. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    To disable UAC via Command Prompt:

    • Try this:
    • Go to start > type in cmd
    • Click on cmd.exe > and paste in the following:

    After you enable or disable UAC, you will have to reboot your computer for the changes to take effect.

    You should receive a success message saying: "The operation completed successfully"
     
  3. Kasem1975

    Kasem1975 Private E-2

    Managed to turn UAC off. Couldn't get MGtools to work but here are the logs for everything else.
     

    Attached Files:

  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Explain what happened with MGTools please?

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • (Vista and Windows 7 users: right-click OTL and choose Run as Administrator.)
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Attach both of these logs into your next reply.
     
  5. Kasem1975

    Kasem1975 Private E-2

    This is an absolute nightmare. I can't upload any files to here in safe mode. I tried to switch to normal mode to quickly do it but got nowhere - ended up having to restart 6 times.

    Will have to wait a whole day until I can take the files into work to upload from there.
     
  6. Kasem1975

    Kasem1975 Private E-2

    Last attempt of my day managed to get screenshot of error message for MGTOOLS, and OTL only produced one report, not two - I did follow the instructions correctly.

    I have also been getting quite a few Nvstor32.sys blue screens - maybe down to the times when it has frozen completely and has been turned off via the base unit. But I changed the nvidia driver to a generic one from the system and it is still happening. Might be a completely separate thing altogether.
     

    Attached Files:

  7. Kasem1975

    Kasem1975 Private E-2

    Any further help on this would be a great help, thanks.
     
  8. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

  9. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    We need to run an OTL Fix

    • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
    • Copy and paste the following code into the textbox. Do not include the word Code.

    Code:
    :otl
    [2012/09/04 07:45:38 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.013
    [2012/09/04 07:45:37 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.011
    [2012/09/04 07:45:37 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.012
    [2012/09/04 07:45:37 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.010
    [2012/09/04 07:45:36 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00D
    [2012/09/04 07:45:36 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00E
    [2012/09/04 07:45:36 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00F
    [2012/09/01 23:19:15 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00C
    [2012/09/01 23:19:14 | 000,326,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00B
    [2012/09/01 23:19:13 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.00A
    [2012/09/01 23:19:13 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.007
    [2012/09/01 23:19:13 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.008
    [2012/09/01 23:19:13 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.009
    [2012/09/01 23:19:12 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.006
    [2011/06/18 02:04:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~25943824
    [2011/06/18 02:04:15 | 000,000,152 | ---- | C] () -- C:\ProgramData\~25943824r
    [2011/06/18 02:03:50 | 000,000,344 | ---- | C] () -- C:\ProgramData\25943824
    [2011/06/07 19:22:45 | 000,000,344 | ---- | C] () -- C:\ProgramData\30857564
    [2011/05/31 14:11:17 | 000,010,956 | -HS- | C] () -- C:\ProgramData\q357f5hcb74jf314d8844uge3716675j3
    [2011/05/26 21:55:05 | 000,010,020 | -HS- | C] () -- C:\ProgramData\4256o56y1a8o6x33021iv38cljbeoo2456lvgt
    @Alternate Data Stream - 1854 bytes -> C:\ProgramData\rkfree:cfg
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C8B8CEBD
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:6B9940D5
      
    :commands
    [EMPTYTEMP]
    [RESETHOSTS]
    [REBOOT]

    • Then click the Run Fix button at the top.
    • Click Image.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. ATTACH that report in your next reply.


    Rerun OTL normally, just a scan and attach the log.
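
A fix script like the one in the post above can be read into structured records and reviewed before it is pasted into the tool. The following is an added example, not part of the thread and not OTL's own code: `parse_fix` is a hypothetical helper, the field meanings are an assumption read off the line layout shown above, and the sample is a constructed excerpt of the script in that post.

```python
import re
from datetime import datetime

# Constructed sample: a few lines copied from the fix script in the post above.
SAMPLE_FIX = r"""
:otl
[2012/09/04 07:45:38 | 000,278,581 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\temp.013
[2011/06/18 02:04:15 | 000,000,216 | ---- | C] () -- C:\ProgramData\~25943824
[2011/05/31 14:11:17 | 000,010,956 | -HS- | C] () -- C:\ProgramData\q357f5hcb74jf314d8844uge3716675j3
@Alternate Data Stream - 1854 bytes -> C:\ProgramData\rkfree:cfg
:commands
[EMPTYTEMP]
[RESETHOSTS]
[REBOOT]
"""

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] \((?P<company>.*?)\) -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
CMD_RE = re.compile(r"^\[(?P<cmd>[A-Z]+)\]$")

def parse_fix(text):
    """Split a fix script into file entries, stream entries and commands (assumed layout)."""
    out = {"files": [], "streams": [], "commands": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :otl or :commands
            section = line[1:].lower()
            continue
        if section == "otl" and (m := FILE_RE.match(line)):
            out["files"].append({
                "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"].replace("-", ""),   # e.g. "HS" for -HS-
                "company": m["company"] or None,        # empty () becomes None
                "path": m["path"]})
        elif section == "otl" and (m := ADS_RE.match(line)):
            # The last colon separates the host path from the stream name.
            host, _, stream = m["target"].rpartition(":")
            out["streams"].append({"size": int(m["size"]), "host": host, "stream": stream})
        elif section == "commands" and (m := CMD_RE.match(line)):
            out["commands"].append(m["cmd"])
        else:
            out["unparsed"].append(line)  # anything unexpected is kept for manual review
    return out
```

Lines that do not match the assumed layout land in `unparsed` rather than being dropped, so a reviewer sees everything the script contains.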
     
  10. Kasem1975

    Kasem1975 Private E-2

    Sorry about the bump.

    I opened OTL, c+p the code and hit scan.

    Very shortly after, a window popped up:

    Cannot create file - C:\Windows\System32\drivers\etc\Hosts

    OTL stopped doing anything, complete black screen behind and had to restart the PC. The same thing happened on a second attempt.
     
  11. Kasem1975

    Kasem1975 Private E-2

    I meant fix, not scan.
     
  12. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Then replace the OTL step with Avenger. Don't forget to run OTL normally afterwards and attach the log.


    Download The Avenger by Swandog469, and save it to your Desktop.

    • Extract avenger.exe from the Zip file and save it to your desktop
    • Run avenger.exe by double-clicking on it.
    • Do not change any check box options!!
    • Copy everything in the Quote box below, and paste it into the Input script here: part of the window:
    • Now click the Execute button.
    • Click Yes to the prompt to confirm you want to execute.
    • Click Yes to the Reboot now? question that will appear when Avenger finishes running.
    • Your PC should reboot, if not, reboot it yourself.
    • A log file from Avenger will be produced at C:\avenger.txt and it will pop up for you to view when you log in after reboot.
     
  13. Kasem1975

    Kasem1975 Private E-2

    I have the logs but cannot attach them until I get to work tomorrow.

    Because I can't do anything in normal mode and this is taking so long because of that delay, will I be able to paste the logs into the thread instead?
     
  14. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I don't understand why you cannot just attach the logs when you get to work. If you really need to paste the Avenger log and then the OTL log you can, but I'll edit them ASAP to get them into attachment form again.
     
  15. Kasem1975

    Kasem1975 Private E-2

    Sorry, what I meant is after this one.

    I can attach now, no problem. But when home, if you reply again I will lose another night having to wait to get back to work, and of course over the weekend I'll be screwed.
     

    Attached Files:

  16. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    I am not seeing any malware now in that latest OTL log. I feel you should post in the software forum at this point. Then when you are done perhaps you could return here and run tools again once you are back up and running in normal mode in case any more malware is revealed.

    Mention this when you post in software too:
     
  17. Kasem1975

    Kasem1975 Private E-2

    Ok, well thanks for your help, hopefully I can get to the bottom of this.
     
  18. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You're welcome. But don't forget it's wise to come back here and run the scans once you can run in normal mode. :)
     
