Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Profile Won't Load Safemode - Malware Infected


  • Please log in to reply
7 replies to this topic

#1 talkinggoat

talkinggoat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 01 March 2016 - 08:59 PM

I am trying to boot into safemode, to repair a computer infected with some sort of malware, however, when safemode starts, it almost instantly reboots, even before I can click on a username. Normal mode is fine. IE is compromised, for sure. I am taken to a page, Reimage Repair, almost anytime I try to do anything and there are ads on the left side of the window. There is also a virus warning video that pops up, from time-to-time. What logs do you want, first?

Windows 7, IE11

Thank you, in advance.

Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:22 AM

Posted 02 March 2016 - 08:10 AM

Welcome to BC...

 

The programs below will find and remove Reimage and tons more of malware and adware.

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the

Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).

  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

POST THE LOG FOR  REVIEW.

 

Download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 talkinggoat

talkinggoat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 03 March 2016 - 04:54 PM

Thanks for taking the time to assist me. Following are the log reports. 


Malware Bytes:

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 3/3/2016
Scan Time: 9:30 AM
Logfile: Heberts auto mbam scan.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.03.03
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 518745
Time Elapsed: 43 min, 26 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{976D6064}, , [7be486fd3e5bcf673823176173919070], 
 
Registry Values: 1
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{976d6064}|1, 1455890502, , [7be486fd3e5bcf673823176173919070]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Professional x64 
Ran by Admin (Administrator) on Thu 03/03/2016 at 13:20:19.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
File System: 45 
 
Successfully deleted: C:\Program Files (x86)\lavasoft\web companion (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11E0Q2NA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RMQRTFR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GPO7VBR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J1WLF2X (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZNTHMHQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89M402CH (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8QBM4F26 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA2MSXU0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYO24HQ3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5F0MOPU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I16HZJ2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J782M8I5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGWG6N1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3DCD2XW (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3QCR2BO (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMXDZ480 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q48Q1EGR (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQL8SV1K (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFN98PGG (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STUM27A8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRU0ASYQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7HC377K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11E0Q2NA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RMQRTFR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4GPO7VBR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4J1WLF2X (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZNTHMHQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\89M402CH (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8QBM4F26 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA2MSXU0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYO24HQ3 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C5F0MOPU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I16HZJ2J (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J782M8I5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LGWG6N1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M3DCD2XW (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3QCR2BO (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OMXDZ480 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q48Q1EGR (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQL8SV1K (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SFN98PGG (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STUM27A8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TRU0ASYQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z7HC377K (Temporary Internet Files Folder) 
 
 
 
Registry: 0 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/03/2016 at 13:20:57.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


ADW cleaner and ESET found nothing to report. 


#4 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:22 AM

Posted 03 March 2016 - 06:23 PM

Rerun MBAM and be sure to allow it to remove what it found..... DNS Unlocker....the log you posted doesn't show the items were deleted or quarantined.

  • When MBAM is finished scanning it will display a screen that displays any malware that it has detected.
  • Click the Remove Selected button.
  • MBAM will now delete all of the files and registry keys and add them to the programs quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.

 

Follow Steps 1 and 2 in the link below for resetting and flushing the DNS settings:

Protection Software: Resetting your DNS Settings

 

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button when clicked will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next

post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you

will see a button when clicked will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 talkinggoat

talkinggoat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 03 March 2016 - 07:40 PM

Sorry, I didn't read your directions slowly enough; I found it strange you didn't want to attempt a removal. I'll try to be more patient. Here is the new log and the CC information you requested. 
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/3/2016
Scan Time: 4:57 PM
Logfile: Heberts auto mbam scan.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.03.06
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 519240
Time Elapsed: 41 min, 3 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{976D6064}, Quarantined, [19496c17afea55e19a543d3bed1713ed], 
 
Registry Values: 1
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{976d6064}|1, 1455890502, Quarantined, [19496c17afea55e19a543d3bed1713ed]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

------------------------
 
Checked the IP and cleared the DNS. Nothing strange, there. 
 
-----------------------


CC Cleaner:
Startup:
Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run Web Companion C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
No HKLM:Run Adobe ARM Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
No HKLM:Run Apoint Alps Electric Co., Ltd. C:\Program Files\DellTPad\Apoint.exe
Yes HKLM:Run AVG_UI AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Av\avuirunnerx.exe" C:\Program Files (x86)\AVG\Av\avgui.exe
No HKLM:Run AvgUi AVG Technologies CZ, s.r.o. "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw
No HKLM:Run FreeFallProtection STMicroelectronics C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
No HKLM:Run HotKeysCmds Intel Corporation C:\Windows\system32\hkcmd.exe
No HKLM:Run IgfxTray Intel Corporation C:\Windows\system32\igfxtray.exe
No HKLM:Run Microsoft Default Manager Microsoft Corporation "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
No HKLM:Run nwiz NVIDIA Corporation C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
No HKLM:Run Persistence Intel Corporation C:\Windows\system32\igfxpers.exe
No HKLM:Run SunJavaUpdateSched Oracle Corporation "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
No HKLM:Run SysTrayApp IDT, Inc. C:\Program Files\IDT\WDM\sttray64.exe
No Startup Common J2534 Config App (MDI).lnk Vetronix Corp C:\PROGRA~2\GMMDIS~1\J2534C~1\J2534C~1.EXE disable

Tasks:
Yes Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)

Uninstall:
AccelerometerP11 STMicroelectronics 8/12/2014 2.00.10.22
Adobe Reader X (10.1.4) Adobe Systems Incorporated 1/11/2016 116 MB 10.1.4
AVG Protection AVG Technologies 2/11/2016 2016.41.7442
Bing Bar Microsoft Corporation 8/12/2014 6.0.2282.0
CCleaner Piriform 3/2/2016 5.15
Dell Data Protection | Access Dell Inc. 8/12/2014 2.0.00000.085
Dell Data Protection | Access | Drivers Dell Inc. 8/12/2014 1.00.011
Dell Data Protection | Access | Middleware Dell Inc. 8/12/2014 1.00.005
Dell Touchpad ALPS ELECTRIC CO., LTD. 8/12/2014 7.1208.101.116
ESET Online Scanner v3 3/3/2016
Gemalto 8/12/2014
GM MDI Software - 8.3.103.26 Bosch 1/22/2016 133 MB 8.3.103.26
Intel® Processor Graphics Intel Corporation 8/12/2014 8.15.10.2353
Java 7 Update 67 Oracle 1/22/2016 120 MB 7.0.670
KNCTR Itibiti Inc. 12/23/2015 9.81 MB
Malwarebytes Anti-Malware version 2.2.0.1024 Malwarebytes 3/2/2016 66.0 MB 2.2.0.1024
Microsoft .NET Framework 4.6.1 Microsoft Corporation 2/10/2016 38.8 MB 4.6.01055
Microsoft Office 2010 Microsoft Corporation 8/12/2014 6.31 MB 14.0.4763.1000
Microsoft Silverlight Microsoft Corporation 8/12/2014 20.4 MB 4.0.50401.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 8/12/2014 1.69 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8/12/2014 348 KB 8.0.59193
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 8/12/2014 620 KB 8.0.59192
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Corporation 8/12/2014 1.70 MB 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 8/12/2014 788 KB 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 8/12/2014 596 KB 9.0.30729
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 Microsoft Corporation 1/22/2016 11.1 MB 10.0.40219
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12/23/2015 1.27 MB 4.20.9870.0
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 12/23/2015 1.33 MB 4.20.9876.0
NVIDIA 3D Vision Driver 311.10 NVIDIA Corporation 12/18/2015 311.10
NVIDIA Graphics Driver 311.10 NVIDIA Corporation 12/18/2015 311.10
NVIDIA nView 136.53 NVIDIA Corporation 12/18/2015 136.53
NVIDIA PhysX System Software 9.12.1031 NVIDIA Corporation 12/18/2015 9.12.1031
NVIDIA WMI 2.9.0 NVIDIA Corporation 12/18/2015 2.9.0
Samsung USB Driver for Mobile Phones Samsung Electronics Co., Ltd. 2/18/2016 26.6 MB 1.5.58.0
Tech2 SAE J2534 DLL General Motors 1/22/2016 510 KB 2.4.0.9
TIS2Web IVCS5B COM Proxy Eoos Technologies GmbH 1/22/2016 5.0.15.0
Visual Studio 2012 x64 Redistributables AVG Technologies 12/23/2015 12.9 MB 14.0.0.1
Visual Studio 2012 x86 Redistributables AVG Technologies CZ, s.r.o. 12/23/2015 10.5 MB 14.0.0.1
Windows Driver Package - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) Dell Inc. 8/12/2014 09/11/2009 1.0.1.6
Windows Live Essentials Microsoft Corporation 8/12/2014 15.4.3508.1109


I appreciate you. 



#6 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:22 AM

Posted 03 March 2016 - 09:09 PM

Disable this Windows startup...Yes HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

Use CCleaner by clicking on it and choose Disable on the right. Or you can use its settings to block it from startup.

 

Uninstall these programs:

Bing Bar Microsoft Corporation 8/12/2014 6.0.2282.0

ESET Online Scanner v3 3/3/2016

Java 7 Update 67 Oracle 1/22/2016 120 MB 7.0.670

KNCTR Itibiti Inc. 12/23/2015 9.81 MB

Microsoft Silverlight Microsoft Corporation 8/12/2014 20.4 MB 4.0.50401.0

Windows Live Essentials Microsoft Corporation 8/12/2014 15.4.3508.1109
 
After doing the above and rebooting, please tell me if IE is still a problem and if you can now boot into safe mode or not.
 
Have you explored IE's add-ons to see what is there? CCleaner allows you to view what starts up in the browser by 
clicking on the IE button after clicking on Startups. But there may still be other items you would want to disable after
looking at the add-ons.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 talkinggoat

talkinggoat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 03 March 2016 - 10:36 PM

Looks like it has resolved the IE problem, for the moment, but not the safemode issue. Computer gets to the screen, where I choose a login, then reboots. Doesn't do it in native mode. Could that be malware related? Damage to the registry?



#8 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:22 AM

Posted 03 March 2016 - 11:00 PM

I don't think it is malware. Try running Windows Repair using these instructions: Windows Repair All-in-one instructions

Be sure to do Option #3 as well as other repairs.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users