FBI Strikes Again

Discussion in 'Malware Help (A Specialist Will Reply)' started by G.Braque, Sep 30, 2012.

  1. G.Braque

    G.Braque Private E-2

    Yet another victim to the FBI Moneypak virus. My Windows 7 PC was infected yesterday morning, and I knew immediately that the only people I could trust to help me are the great folks here at Major Geeks.

    I currently can only run my PC in Safe Mode. When I try booting normally I can get to the login page, but after attempting to login I encounter the blue screen of death.

    I have been able to perform the READ & RUN ME process, as well as follow through with the Malware Removal/Cleaning Procedure, yet I am still unable to login normally. The PC crashes again to the blue screen.

    Attached are my logs, and thank you all so much for your help. The people that run this site are real heroes.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)
    O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Windows\System32\ctfmon.exe ctfmon.exe
    O4 - Startup: backup.bat
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)

    After clicking Fix, exit HJT.

    Now reboot your PC and see if you can run in normal boot mode.

    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • C:\MGlogs.zip
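    The four HijackThis lines above share a small fixed layout (section code, item kind, name, optional CLSID, target path, and a trailing "(file missing)" marker when the registered file is gone). As an added example, not part of this thread or of HijackThis itself, the parser below splits such lines into fields and lists the reasons a reviewer would look twice at each one: an orphaned registration, a script in the Startup folder, a RunOnce value. The sample input is the four lines quoted in the post; the triage rules are my own and are not a statement of why chaslang selected them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: the four HijackThis lines quoted in the post above.
SAMPLE_HJT_LINES = [
    r"O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)",
    r"O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Windows\System32\ctfmon.exe ctfmon.exe",
    r"O4 - Startup: backup.bat",
    r"O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing)",
]

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FILE_MISSING = "(file missing)"
SCRIPT_EXTENSIONS = (".bat", ".cmd", ".vbs", ".js", ".ps1")


@dataclass
class HjtEntry:
    section: str            # "O2", "O4", "O18", ...
    kind: str               # "BHO", "Protocol", "Startup", r"HKCU\..\RunOnce", ...
    name: str               # display name, registry value name, or protocol scheme
    clsid: Optional[str]    # COM class id when the line carries one
    target: str             # file path or command line the entry points at
    file_missing: bool      # HijackThis could not find the referenced file
    raw: str


def parse_hjt_line(line: str) -> HjtEntry:
    """Split one HijackThis result line into its fields."""
    line = line.strip()
    section, _, rest = line.partition(" - ")
    kind, _, body = rest.partition(": ")
    file_missing = body.endswith(FILE_MISSING)
    if file_missing:
        body = body[: -len(FILE_MISSING)].rstrip()
    m = CLSID_RE.search(body)
    clsid = m.group(0) if m else None
    if section == "O4":
        # Registry Run/RunOnce items read "[ValueName] command"; Startup-folder items are a bare filename.
        bracketed = re.match(r"\[(.*?)\]\s*(.*)", body)
        name, target = bracketed.groups() if bracketed else (body, body)
    else:
        # O2 (BHO) and O18 (protocol handler) items read "Name - {CLSID} - path".
        parts = [p.strip() for p in body.split(" - ")]
        name, target = parts[0], (parts[-1] if len(parts) > 1 else "")
    return HjtEntry(section, kind, name, clsid, target, file_missing, line)


def parse_hjt(lines: List[str]) -> List[HjtEntry]:
    return [parse_hjt_line(l) for l in lines if l.strip()]


def triage(entries: List[HjtEntry]) -> Dict[str, List[str]]:
    """Map each entry's raw line to the reasons a reviewer would look at it; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("orphaned registration: the referenced file is no longer on disk")
        if e.section == "O4" and e.kind == "Startup" and e.target.lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("script file in the Startup folder")
        if e.section == "O4" and e.kind.endswith("RunOnce"):
            reasons.append("RunOnce value: executes at the next logon")
        if reasons:
            findings[e.raw] = reasons
    return findings


if __name__ == "__main__":
    for raw, reasons in triage(parse_hjt(SAMPLE_HJT_LINES)).items():
        print(raw)
        for r in reasons:
            print("   ->", r)
```

    Run as a script it prints the four lines with their reasons; both orphaned Trend Micro registrations point at the same missing TmIEPlg32.dll, which is the kind of leftover that a fix in HijackThis simply removes.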
     
  3. G.Braque

    G.Braque Private E-2

    Thank you very much. Blue screen of death when trying to boot normally. Attached is the log.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  5. G.Braque

    G.Braque Private E-2

    Task completed as instructed. Thank you.
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no problems showing in the FRST log. Boot up your PC to the System Recovery Options menu again and this time select Startup Repair. After it runs, try booting in normal mode. If it still does not work, try the startup repair again. And then try normal boot mode. Repeat one more time if still not working.

    Let me know what happens.
     
  7. G.Braque

    G.Braque Private E-2

    Thank you, Chaslang. I performed the requested tasks of booting up my PC to the System Recovery Options menu again and selected Startup Repair. I performed this three times as instructed and each time that I attempted to boot in normal mode my system again crashed. Safe Mode seems to be working just fine. Thoughts?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Well it does not appear to be due to any remaining malware. Let's try uninstalling a few things to see if it helps. Other than this, I would probably be sending you off to the Software Forum or suggesting a System Restore (if you have old restore points) or a reinstall.

    Uninstall the below:
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes Anti-Malware version 1.65.0.1400
    Symantec Endpoint Protection Small Business Edition

    Now reboot and try normal boot mode to see if it works. If not, try the below from safe mode. This will disable a bunch of things that you normally have starting up. This is a test to see what happens when they do not startup.


    Copy the bold text below to notepad. Save it as DisableMe.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.


    Now reboot and see if you can get into normal boot mode.

    Running the below will put all the items back that we disabled.



    Copy the bold text below to notepad. Save it as EnableMe.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it definitely did not work.
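    The DisableMe.reg / EnableMe.reg pair described above works because a .reg file can both delete a value ("Name"=-) and write it back with its original data, so the "enable" file doubles as the backup of what was removed. The contents of the thread's own files did not survive on this page; the code below is an added example, not chaslang's files, showing how such a pair is built and read back. It uses a constructed snapshot of two placeholder Run values under HKCU (the names and paths are made up) and only produces the file text; merging is still done by double clicking the saved file as the post says.

```python
import re
from typing import Dict, Optional

REG_HEADER = "Windows Registry Editor Version 5.00"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed snapshot of Run values (placeholder names and paths, not from this thread's logs).
SNAPSHOT: Dict[str, str] = {
    "ExampleUpdater": r'"C:\Program Files (x86)\Example\updater.exe" /background',
    "ExampleTray": r"C:\Program Files\Example\tray.exe",
}

# A value line: "name"=data, where the name may contain escaped quotes.
VALUE_LINE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def reg_escape(s: str) -> str:
    """REG_SZ data in a .reg file doubles backslashes and escapes embedded quotes."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def reg_unescape(s: str) -> str:
    """Undo reg_escape: a backslash takes the next character literally."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def build_disable_reg(key: str, values: Dict[str, str]) -> str:
    """The "disable" half: "Name"=- deletes each named value when the file is merged."""
    lines = [REG_HEADER, "", f"[{key}]"] + [f'"{reg_escape(n)}"=-' for n in values]
    return "\r\n".join(lines) + "\r\n"


def build_enable_reg(key: str, values: Dict[str, str]) -> str:
    """The "enable" half: writes every value back with its original data."""
    lines = [REG_HEADER, "", f"[{key}]"] + [
        f'"{reg_escape(n)}"="{reg_escape(d)}"' for n, d in values.items()
    ]
    return "\r\n".join(lines) + "\r\n"


def parse_reg(text: str) -> Dict[str, Dict[str, Optional[str]]]:
    """Read a .reg file back as key -> {value name -> data}; None means 'delete this value'."""
    result: Dict[str, Dict[str, Optional[str]]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current is not None and (m := VALUE_LINE_RE.match(line)):
            name, data = reg_unescape(m.group(1)), m.group(2)
            if data == "-":
                result[current][name] = None
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                result[current][name] = reg_unescape(data[1:-1])
    return result


if __name__ == "__main__":
    print(build_disable_reg(RUN_KEY, SNAPSHOT))
    print(build_enable_reg(RUN_KEY, SNAPSHOT))
```

    Generating EnableMe.reg from a snapshot taken before DisableMe.reg is merged is what makes the test reversible: the round trip through parse_reg confirms that the escaped paths come back exactly as they were stored.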
     
  9. G.Braque

    G.Braque Private E-2

    I was able to uninstall the Live Update 3.3 and Malwarebytes Version 1.65.
    Unable to uninstall Symantec Endpoint Small Business, because of "Windows Installer Service could not be accessed." Seems likely that I will ultimately need to reinstall the entire system.

    Bollacks.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you try the DisableMe.reg patch?
     
  11. G.Braque

    G.Braque Private E-2

    I was able to perform the DisableMe.reg patch and did receive a success message after double clicking it. System failed when attempting to boot normally. I was also able to perform the EnableMe.reg patch and did receive a success message after double clicking. System failed again when attempting to boot normally. Thanks for all your help, Chaslang.
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then you should check to see if you have any restore points that you can use with System Restore to return to a point before this problem began. Also try uninstalling ALL of Symantec.

    Also a question: What exactly does the blue screen say? Full error message.

    These are likely your last options before a reinstall. You have a factory recovery partition you can use to return to out of box condition. Backup any data you need before doing this as it will all be lost otherwise.
     
    Last edited: Oct 4, 2012
