evil fantasy: need some help

evil fantasy:

  I started out in the Microsoft Windows forum on July 29, 2009, and after my question (tapping F8 key, computer does not go into safe mode) was reviewed, I was sent over to you.  I have followed all the directions (I think) to begin to eliminate the possible cause of the problem I am having.  I worked my way down to the bottom of the list given, and I am up to posting the 3 logs you requested to find a solution to all this.  I have saved the Super Antispyware log(the full scan found 2 Adware cookies), Malware Bytes log (quick scan found nothing), and the Hijack This log ( name changed to sniper exe./ this log looked like hieroglyphics- is that what you wanted?)  to Notepad- "save as" file.
  All 3 logs are there, but when I try to attach them and post them, I can only get the "Hijack This(sniper exe.)" file to move down to attachments.  When I click add another file, browse, and get to each of the other 2 files and double click on them,  they do not move down to the attachment box.  I have tried saving them again, but it hasn't made any difference.  I have spent hours following all the directions and it seems I am stopped now at the finish line.  Any thoughts? 
  Also, after looking at Major Geeks malware list, the only questionable programs I could remove were 'ASk This" and they also listed AV System Care.  Is the the same as "Advanced System Care 3?"  I removed it, but I would really like to know if they are the same program.

Thank you,
beachguy 
 

AV system care is a rouge spyware program which should never be on your computer.

Advanced System Care 3 is the safe program developed by IObit.

Copy and paste your logs to the forum...don't bother with the attachments....run HJT with log file and copy and paste it.

Thanks 2x3i5x.

Glad to hear the Iobit Advanced System care program is legit.  I really like its features.  Once I get my problem straightened out, I will downlod it again. That is really good news.
Thanks again,
beachguy

Copy and paste your logs to the forum...don't bother with the attachments....run HJT with log file and copy and paste it.

Yes, that might just be faster, just copy the text from the logs into a new reply here. 

and yeah, the  Advanced System Care from http://iobit.com/ is fine

evilfantasy;
Just saw your reply and I really want to make sure these 3 logs get to you.  I am going to copy and past each log into an e-mail and send it to Computer Hope.com      Subject box will be;  Att: evilfantasy-Computer Virus and Spyware Forum.  Will that get to you?  If not, please advise.

thanks,
beachguy

just post it here and evilfantasy will get here and look at it or some other malware guy will look at it and help you out. Don't have to send an email 

I have successfully completed the 3 logs and sent them in: SAS, MBAM and HJT.  I have installed HJT, ran the scan and had the Computer Hope process tool analyze the results.  I then checked off the recommended items to be fixed and they were succesfully removed.

I really thought this would correct the problem, but it didn't.  Hitting the power switch at reboot and immediately tapping the F8 key still does not bring the computer to safe mode.  Is there anything else I can try?  Is there ever any other key or combination of keys that will put the computer into safe mode? I am still hoping to solve this problem.  Other than this my computer is running great, but I believe this is an important function that has to be available for when needed. I am still unsure if I should force it into safe mode with run>msconfig and have the System Configuration Utility force it into something that possibly can't be undone.

 While I have been waiting to see if there are any other suggestions about this problem, I also checked the drive and devise manager to see if maybe it was just my key board that was not working correctly with the F8 key.  The answer stated the keyboard is working properly.

Also, I went into Help and Support on the Control panel and found this listed a lot under error logs:  Service Control Manager...The following boot start or system start driver (s) failed to load:Lbdszkg.  Is this related to this problem?

Thankyou,
beachguy

I am wondering if i should continue to wait for a reply to the last 3 paragraphs that provided more information in regard to the problem I am having with F8 key not going into safe mode?  Should I put this info in a new post?

Thanks,
beachguy

[Malware Removal Specialist]

I have successfully completed the 3 logs and sent them in:

Where are the logs? I can't see them.

They are on page 2 of this forum in the post I have on that page.  Not sure how to paste them over here. Same topic and Logs.

Thanks,
beachguy

[Malware Removal Specialist]

They are on page 2 of this forum in the post I have on that page.  Not sure how to paste them over here. Same topic and Logs.

here is the link.

Thanks, I read your e-mail to me, but I know where the logs are posted.  I will try to get them to post below. They are the same logs that went to the other post.   Please be reminded, that I already ran the Computer Hope process tool and the recommended items were successfully removed.

 I am still curious about what I found in: Contol Panel>Help and Support>Log Errors: service control manager..the following boot start of system start driver(s) failed to boot:Lbdszkg, and at start -up: invalid boot.ini file/Booting from C:\windows.   Are these relevant?

Thanks,
beachguy

[attachment deleted by admin]

Beachguy,

Follow the directions to run Chkdsk

http://support.microsoft.com/kb/315265

Aside from the error message how is the computer running?

 Karnac,

The computer is running fine, I will do the dskcheck now.

About an hour later...  I ran the dskchk that you suggested.  The dskchk completed all its functions and found/did the following:

recovering lost files

recovering orphaned file CiFlfffc.0002(13182) into directory file 54959

0  KB in bad sectors

I then shut the computer down, restarted it and immediately started tapping the F8 key.  Still no safe mode, but the computer did complete two dskchk scans on my C and D drives.  It didn't report any error messages.

Does this give you any other ideas?

Thanks,
beachguy

Running out of options here...how about the keyboard ...... is it PS/2 or usb?..... came across some posts on another forum stating the USB keyboard can be at fault....and to make sure USB is enabled in Bios....can you try another keyboard and see if it makes a difference.

You might want to look here as well.

http://support.microsoft.com/kb/330184

Karnac,
My keyboard is a Logitech PS/2.  A test with the devise manager recently indicated it was working properly.  My thoughts now are:  the computer is runing fine, my dskchk doesn't seem to have any major issues, I am not infected with a virus or spyware, the 3 logs previously submitted were basically clean, and I do not get any messages such as I have read on other posts, where different types of freqent error messages are given and their computers won't do anything.  My only error message at start up, again is : invalid boot. ini file, Booting from C:\windows.  I think I have read in other posts it should be booting off the hard drive, but I am not sure of this.  Is this anything?

Is there something, rather than safe mode being being infected or broken, that would cause it to be just switched off?

I can get into the Bios.  I know I shouldn't go in there and just start changing things around on my own.  I have looked in there recently and one function that I noticed is:  Super Boot-disabled.  I was tempted to enable it, but so far I haven't.  Should I do that? 

To try another keyboard, I would have to puchase one and this one is only 2 1/2 years old.

Also, I went to your MS link, invalid boot: ini file.  It explains how to rebuild a damaged or lost boot file.  It starts by asking that I put my Windows XP installation CD in the cd-rom and at setup press r to begin the fix.  Sounds simple enough but.. when I do that, my installation CD says this:

Welcome to Microsoft Windows XP

What do you want to do?

Install Windows XP
Learn more about the setup process
Install optional Windows components
Perform additional tasks
Check system compatibility  * reading the various MS links that I have been sent to, I think my installation CD is for SP 2 but I have SP 3 on this computer.  I have gotten messages that indicate my current version of Windows is newer than what is on my Windows CD and It has asked if I want to install an older version.  I don't want a reinstall of any version if it means my computer would be wiped clean.

There is no command  - press r for Recovery Console. This Recovery Console sounds like it might be what I need to fix this, if you can suggest how I can get to it.  And... how come my installation CD doesn't seem to have this? Hope this gives you some new ideas. 


Thanks,
 beachguy

Here's a step by step to install the recovery console...

http://www.bleepingcomputer.com/tutorials/tutorial117.html


There's also an option to edit the boot.ini file here...

http://support.microsoft.com/kb/289022

[Malware Removal Specialist]

Beachguy, it might be a good idea to try this. It certainly can't hurt and might cure the problem of starting in safe mode.

Karnac,

I tried to follow your link:  http://www.bleepingcomputer.com/tutorials/tutorial117html a few days ago.  Actually, I thought I was doing everything correctly.  At one point in he process it asked that I insert the windows installation CD into the drive and restart the computer.  When I did that the computer would not completely reboot .  Up until that point, I thought I was going through the directions correctly.  I guess I messed something up. They are very detailed.  Well,  the only thing that would work finally, was to reinstall Windows and all my previous programs.  This problem really turned out to be quite an adventure and I learned more than I previously knew before I started.  I guess that old saying is true,  "a  little  knowledge can be dangerous."  It looks like it was in my case.  With the reinstall my F8 key now taps into safe mode.

One point I am still wondering about is the 3 logs that were requested.  Those logs seem to be given a lot of importance.  No one ever commented about them once I got them on this post.  I am curious as to why any evaluation of them was not posted back except for another link to try with really no explanation concerning the logs.

Thank you,
beachguy

[Malware Removal Specialist]

Beachguy, the HJT log was the most important one and, if I recall correctly, it looked ok. That's why everyone was looking for some other solutions. That's why I suggested a System File check.

beachguy,

The purpose of the logs is twofold. First it shows the specialist that the scans have been run. Second, in the event that the pc does not respond to the scans/cleaning the information logged gives the specialist a good idea of what threats he is facing, and what tools to use to proceed....Usually using the process tool, a pc can be brought back to working order. In your case I don't believe we used the process tool once the pc was determined to be working fine with the exception of the disabled F8 key...that's when attention was diverted to that issue. I am not a specialist on this or any forum. I basically direct traffic and attempt to keep things moving and assisting as best I can. Unfortunately, your problems developed during a period of time when evilfantasy was enjoying a well deserved break from the boards and specialists are in short supply in all the malware forums. Hope this answers some of your questions and finds your pc running well. As evilfantasy recommends, download WOT(Web of Trust) and install it. This program will allow you to surf safely, and alert you to suspect sites.

Karnac,

Thank you for the reply.  It answered the questions I had and after awhile I sort of assumed that evilfantasy was away.  I will download the Web Of Trust.

beachguy

[Malware Removal Specialist]

(tapping F8 key, computer does not go into safe mode)

Where is the USB plugged in? The tower or somewhere else?

evilfantasy,

by USB  do you mean my keyboard?  This is a Logitech PS/2 keyboard and it is plugged into the back of the tower.

[Malware Removal Specialist]

This is a Logitech PS/2 keyboard and it is plugged into the back of the tower.

Yea that's what I meant. Sometimes people plug in the keyboard to a monitor that has USB plugs. Since the monitor loads after the tower you can't use keyboard commands soon enough to get into the the boot options.

Note: NEVER force Safe Mode if your computer is infected with malware. You may end up in a boot loop and have to reformat/reinstall. See here for details.

Alternate method of entering Safe Mode.  Force Windows to Boot Into Safe Mode Without Using the F8 Key

There is also a tool in the SUPERAntiSpyware folder called BootSafe that you can use but again don't use it if your infected. http://www.superantispyware.com/WebHelp/How_do_I_boot_to_Safe_Mode_.htm

XP - C:\Program Files\SUPERAntiSpyware > Double click Bootsafe
Or
Vista 64bit - C:\Program Files (x86)\SUPERAntiSpyware > Double click Bootsafe

evilfantasy,

Thanks for the links.  Now that everything is working again,  I will just keep them for future reference.

beachguy