Can only run in safe mode

[ken545]

Nothing was removed Not sure why ?

OTL ran as it was supposed to and when it went to reboot bsod
Do you remember the error you got when it bsod

Go ahead and run Malwarebytes again checking everything for removal. Make sure you check for updates first.

Be back soon I am going to check into this

 

[ken545]

Hi,

I edited this post because I want to try something different. Go back to Post 39 and copy and paste the fix into OTL and run it again, the computer will reboot but this time do not let it boot to normal windows, as the computer boots up press the F8 key and boot to Safemode and post the log the fix produced

 

[ken545]

What I need you to do is run Combofix again. We believe that userinit is infected . Drag your copy of Combofix to the trash and download a fresh copy as its updated on a regular basis.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[sauce73]

The BSOD error now is STOP: 0X0000007E (0XFFFFFFFFC0000005,0XFFFFF80001EEBC87,0XFFFFFA6016DA53E8,0XFFFFFA6016DA4DC0)
I ran OTL and rebooted into safemode. When it came back up I ran combofix(which still never asked to install Recovery center) and same errors as last time on it with pev.cfxxe haveing an issue and closing. When i went to reboot it said either startup normal or repair mode. I not thinking,(sidetracked with daughter), clicked repair mode. When it said it couldnt repair it could only restore to an earlier time I let it restore. I rebooted and got the above stop error. So I rebooted into safe mode and thats where I am leaving it till you tell me different. The OTl and everything I have put on the desktop recently are gone. I looked back in programs and Whitesmoke and gamevance are still there but I didnt do anything other than that.

 

[sauce73]

One more thing. When I rebooted from combofix I had BSOD. So when i went to reboot thats when I had the 2 options, Startup normal or repair.

 

[ken545]

Look at C:\Combofix.txt and see if it saved a log and post it please.

That error your getting may have to do with some sort of hardware conflict , I am having someone else look at it

 

[ken545]

I would like you to look in Device Manager for an entry. Just tell me if its present

http://kb.wisc.edu/page.php?id=5183

Once in Device Manager click on System Devices and tell me if this is present
[cmz vmkd] or vbma in name it should say virtual bus.

 

[sauce73]

Sorry about taking so long to get back to you. I have caught some kind of bug and was down al yesterday. There is no txt file for combofix and no virtual bus in the device manager

 

[ken545]

Well, hope your feeling better

It looks like your userinit is infected and causing all of this grief

Drag Combofix to the trash and download a fresh copy, dont run it yet

click start > run copy and paste usrini~1.exe /uninstall into the box > oK When its done try running combofix again

 

[sauce73]

It says it cant find the file.

 

[ken545]

Lets try restoring your computer to an earlier date, be sure to pick a date about a week or so prior to your problems

http://www.bleepingcomputer.com/tutorials/tutorial143.html

 

[sauce73]

It figures that it wont let me into restore. I wonder if it would be possible to remove the hard drive from the computer and scan it off another computer? And would it have to be one running vista? It says for an offline rstore to type rstui.exe/OFFLINE:c:\windows and then it says it cant find it.

 

[ken545]

Sauce,

I am afraid we have exhausted all options. Your about the fifth poster in the past few weeks that have had this same problem, nothing will run or work. I think the only option you have left is to format the drive and reinstall a clean copy of windows, if you need help with this let me know

 

[sauce73]

Thankyou so much for your help. This computer is my boss'es cousins and its not even mine. I just like working on them. I appreciate your patience.

 

[ken545]

Your very welcome