Can't run 8 steps, system only boots into Safe Mode

[baggettms01]

I am working on a computer for a co-worker of mine. It will not boot in to normal mode at all. In safe mode I was able to get MBAM to install but it will not run. Ccleaner installs and runs just fine. SuperAntiSpyware will not install. HijackThis will not install.

Thanks in advance for you help.

 

[touch]

Hello baggettms01

Reboot to safe mode with network

Please download combofix here ->
ComboFix

Before Saving it to Desktop, please rename it to 123.com to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan.
Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall.
It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after
scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please attach it to your next post

 

[baggettms01]

Combofix log

Touch, attached is the combofix log file.

Thanks for your help.

 

[touch]

Looks like you´ve got rid of a rootkit there.

If you can´t boot to normal mode, open msconfig ->

Click on Start, then Run. In the Run dialog box type msconfig and press enter to start the MSCONFIG utility.
If you click on the Boot.ini tab you will see some checkboxes at the bottom under Boot Options. Uncheck the checkbox next to /SAFEBOOT.

Reboot.

See if you can run the steps in this guide:

8-step Viruses/Spyware/Malware Preliminary Removal Instructions

Post attached log´s from:

Malwarebyte
Superantispyware
Hijackthis

In your next reply

 

[baggettms01]

logs

The requested logs are attached. Thanks!

 

[touch]

Go to add/remove programs in controlpanel, and remove:
Search Settings
Viewpoint Manager

Reboot, attach fresh hijackthis log and tell how things are running ?

 

[baggettms01]

Thanks Touch, things are much better now. I uninstalled those two programs. I have one more question, there is an icon in the system tray for a program called "Poker Messenger". I have never heard of it and there is no option to uninstall it via control panel. Is this something I should be concerned about?

 

[baggettms01]

Here's the new HijackThis log. I forgot to attach it to my last reply.

 

[baggettms01]

Hey touch, Just checking in since I haven't gotten a reply yet. It appears that everything is cleared up on the machine, I would just like that to be verified be someone else. Thanks for your help.

 

[raybay]

Looks good to me.
Keep in touch for a few days.
You did not discuss what you use as Antivirus, but I would consider getting someting good like Avir Antivir or Avast or Kaspersky.
The problem remains that you do not know where the rootkit and other evils came from, so they may try to return, particularly if you visit the same sites. I would occasionally run those scans that have been discussed in this thread, and add Windows Defender to lurk in the background.

 

[baggettms01]

Thanks Raybay. This is not my computer, but a co-worker's. He has McAfee on it. I have already given your advice to him (running MBAM and SAS weekly, as well as being very careful what websites you visit).

 

[touch]

I thought you played Poker

But, delete ->C:\Program Files\Poker Messenger, from safe mode.


Reboot, and you´re good to go.