Jump to content

another search engine hijack please help


Recommended Posts

was hit awhile back with antivirus pro and maybe a couple other trojans. MBAM removed them but now my search engines (google, yahoo etc) get redirected when clicking on a selection. MBAM running resident keeps most of them blocked but still being redirected when selecting items I search for. Usually when I click a searched item, MBAM blocks the redirect and it takes clicking 3 times (blocking all three) before being taken to the proper link.

here is a recent MBAM log and hijack this log any help would be appreciated

Malwarebytes' Anti-Malware 1.41

Database version: 3245

Windows 5.1.2600 Service Pack 3

11/27/2009 9:21:37 PM

mbam-log-2009-11-27 (21-21-37).txt

Scan type: Full Scan (C:\|)

Objects scanned: 262831

Time elapsed: 1 hour(s), 33 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:30:31 PM, on 11/27/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\agrsmsvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Toshiba\IVP\ISM\pinger.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

c:\Toshiba\IVP\swupdate\swupdtmr.exe

C:\WINDOWS\system32\ThpSrv.exe

C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

C:\WINDOWS\system32\TODDSrv.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE

C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\00THotkey.exe

C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe

C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Toshiba\IVP\ISM\ivpsvmgr.exe

C:\WINDOWS\system32\WISPTIS.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\John Carlson\Local Settings\Temporary Internet Files\Content.IE5\JG2GPV22\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service

O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [DpUtil] C:\Program Files\TOSHIBA\DualPointUtility\TEDTray.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TAudEffect] C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe /run

O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe

O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup

O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run

O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John Carlson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1201444461640

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)

O18 - Filter hijack: text/html - {17bdae4a-2dea-419b-b10c-72f1b13ef678} - C:\WINDOWS\mark_32.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: TosBtNP - C:\WINDOWS\SYSTEM32\TosBtNP.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP M1319 Receive Fax Service (HPM1319RcvFaxSrvc) - Marvell - C:\Program Files\HP\HP LaserJet M1319 MFP Series\ReceiveFaxUtility.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Intuit Fuse Service - Intuit - C:\Program Files\Common Files\Intuit\Fuse\Service\Intuit Fuse Service.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe

O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe

O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--

End of file - 14730 bytes

Link to post
Share on other sites

Hi brotherjack and Welcome to Malwarebytes!

Please move hijackthis.exe into a permanent folder

To create a permanent folder click My Computer, then C:\

In the menu bar click on File, New, Folder.

That will create a folder named New Folder, which you can rename to "HJT" Now you have C:\HJT\ folder. Put your HijackThis.exe into that folder. In case we need to use HijackThis to fix something.

Download ATF (Atribune Temp File) Cleaner

Link to post
Share on other sites

Hi Kenny94:

Thank you for your reply in trying to help me fix my computer..

I have run into a problem.

I followed your instructions

1. ATF cleaner

2. recovery disks

3. Download combofix

I read the combofix warnings and instructions on disabling AV, firewalls etc. and after I disabled teatimer the instructions say to reboot the computer.

My computer now hangs up at startup and will only keep attempting to start up...no options work safe start etc..even when I press f8 for safe mode all the options are listed but none of them work...whatever option is selected it always returns to the startup screen and tries to restart in normal mode to no avail. strarts the 30 sec countdown clock and keeps trying to boot unsuccessfully..

BTW my machine is a laptop toshiba tecra A9-s9013x winXP-pro no floppy dr

I have a couple others laptops so I can continue to communicate with you and see these posts and download items if need be

don't

Link to post
Share on other sites

That's very odd your computer is doing this. Shut your computer down for several hours. Then Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now Use your arrow keys to move to "Last Known Good Configuration" and press your Enter key. This will enables the system to go back to a date before you had this problem. And let me know if this worked? Before we do any thing else.

Link to post
Share on other sites

good morning kenny94,

After letting the computer rest all night I still cannot get windows to start. When powered on I am brought right the black and white selection screen (safe mode etc) when you select any item it brings you right back to the same screen.

When starting with F8 same thing except includes advanced options... all selections(including last known good config) bring me back to the same start screen except the option "disable auto restart on sys failure" brings me to a blue screen with the final technical info ***STOP: 0x0000007e (0xC0000005, 0x7814EC21, 0xF7AA2C44, 0xF7AA2940)

I assume somthing has happened to my bootlog...aside from the recent redirects this machine has not had any problems the only diff is I disabled all my protection prior to shutting down.

have no clue what to do next and all your direction is appreciated

Link to post
Share on other sites

Do you have Windows XP Recovery Console installed? Or a Windows XP installation disc brotherjack, if so, try a Recovery. We can try Avira AntiVir Rescue System as well. Since you have malware in your computer we can try AntiVir Rescue System.

Please try downloading and burning the following from another computer.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the
    Avira AntiVir Rescue System
    from

  • Place a blank CD in your burner and double-click on the downloaded file named
    rescue_system-common-en.exe

  • The program will automatically burn the CD for you.

  • Place the burned CD into the affected computer and start the computer from this CD.

  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.

  • Click on the
    Configuration
    button.

    • Select
      Scan all files

    • Select
      Try to repair infected files
      and
      Rename files, if they cannot be removed

    • Select
      Scan for dialers

    • Select
      Scan for joke programs (Jokes)

    • Select
      Scan for games

    • Select
      Scan for spyware (SPR)

    [*]
    Click on
    Virus scanner

    [*]
    Click on
    Start scanner
    at the bottom of the screen

    [*]
    Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

  1. Please see the post
    if you're unable to view the entire screen of Avira.

  2. You can also review this one

  3. Currently only the German keyboard is supported.
    English keyboards require work arounds.

  4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.

Link to post
Share on other sites

avira has finished scanning and the results are

records 2

suspect files 0

warnings 92 (looks like most of these if not all are from spybot folders)

also at the end of the log it says

alerts 2

suspicious 0

repaired 0

deleted 0

renamed 0

quarantined 0

warnings 92

I have not tried to reboot I still have Anvir screen up untill I hear back from you

Thanks

Link to post
Share on other sites

I would need some help with this and am hoping I could do it without data loss if possible.

Since this is a fairly new laptop it does not come with windows disks but I do have the self made the recovery disks which of course only puts it back to original out of the box state...my least desired option..

I have some data I would like to get off the machine which would be my first priority.. I have looked around some of the posts here and elsewhere and seen things like Hirens bootcd or booting from a linux based cd but have no clue how to do it..

so is it possible to reinstall the OS WITHOUT data loss or even repair the OS...

or

If we can get to the hard drive via Hirens etc. see what might be the cause..

also from what I have read about the "blue screen"it seems my blue screen is not giving me the reason why this is happening..

I am also considering bringing the machine to a local repair shop...I have some issues in that there is some sensitive financial data on the machine and cannot "leave" the machine with anybody so I would have to stay with the machine. Not a big issue unless it is an issue with the repair shop.

your thoughts?

Link to post
Share on other sites

thanks in the meantime I am going to look into and research some type of boot cd so I can get some data backed up before we try any repairs..

You can do an parallel install will allow the machine to become bootable and recover all past data and trouble shoot the problem install.

http://www.ehow.com/how_5162721_parallel-i...windows-xp.html

Then then do a repair install to paste it back together. Or back up your stuff and do a full reinstall.

You can check for a good deal for a XP CD at craigslist or ebay. Here's one I found at:

http://www.pricegrabber.com/user_sales_get...;lot_id=9779770

Link to post
Share on other sites

Hi Kenny94

I downloaded hirem bootcd that was mentioned in this post http://www.malwarebytes.org/forums/index.p...31488&st=20 on page 2 topic #25

the cd is really cool and has lots of stuff on it (that I don't know how to use) but most important is the "start mini window XP" which starts a RAM version of XP and gets me too my hard drive and whole computer..I am now on "my computer" successfully backing up important data files...to a USB drive

I know there is a slew of things I can do while here as I can see my whole computer but for now and the next cpl hrs I am going to back up all the data that is important to me and I'll let you know when I'm done. It would be nice if I could find out the actual problem and fix it since I can now get to the hard drive

I also know on the CD that there are a lot of other tools that may help but I will not do anythng without your guidance or thorough research first...

Will also look at the XP links you sent to buy a copy

Your help and time is very much appreciated.

back to the backup

Link to post
Share on other sites

when I downloaded Hiren the site was down all weekend and this morning it was painfully slow esp for ver 10.01 so I tried the ver 10.00 and was much faster...great download with all types of programs (including malwarebytes) and a friendly menu

also the price grabber link you sent was for an XP academic upgrade and I think I would need full version but while I'm looking..what do you think of the idea of Windows7 upgrade instead...do you think a full install of 7 would work even though my xp has problems.?

Link to post
Share on other sites

Hi brotherjack

We feel Spybot may have cause the problem. With the "warnings 92" in the Spybot folders.... See if can remove Spybot in the Add/Remove Programs and remove Spybot folder.... I don't know if you can do this with Hiren's BootCD? But with BartPE you can at: http://www.nu2.nu/pebuilder/

Let me know if you can remove Spybot? If not I'll ask for a canned on how to use BartPE. Also, you mention Windows 7. Yes looking at your tecra a9-s9013 machine you should have no problems with Windows 7. Like you said, lets find out what the problem was and go from there.... <_<

Did you never ran ComboFix at all when all this happen on the reboot?

Link to post
Share on other sites

Hi Kenny94:

With the Hiren bootcd I don't think I can add or remove programs in the traditional sense (uninstall) but I will try...I can delete files and folders all day long but I would fear registry problems.. My guess on the 92 warnings were the items that spybot saw in the folders it sends any problems to.. I can run anvir again and see what folder it was reporting from.

I will explore the BartPE...

I never ran Combofix only downloaded it...I never got to run it as I was heeding the warnings of shutting down the AV programs etc. I followed the instructions carefully esp. what to do with teatimer...That called for a reboot...when I did reboot thats when it happened...but it could also be just coincidence....there is a possibility that there was a recent XP security update (as they seem to happen all the time these days) and a combination of events or key stokes or whatever could have caused this...

I have been googling some known issues that I can see.

1. On my blue screen of death is ***Stop: 0x0000007E (parameters) a google search for that comes up with a whole bunch of possibilities..but most don't mention virus's

2. When I try safe mode the last driver listed is "mup.sys"...a google search for that comes up with all kinds of hits and reasons. Most of them relate to something with bad drivers...it is beyond my knowledge to start messing with that stuff..

there are some solutions of adjusting the BIOS(shadowing & cache PCI) but I did not see where I had those options on my BIOS screen..also solutions of moving some the drivers etc..again beyond my expertise.

So I am not truly convinced the maleware was actually the cause of my boot problem based what I have read on the above two items..I think something happened to a driver (your original thought way back)

I did check out the win7 upgrade on the toshiba site and saw my machine was a good candidate for 32bit ver. but toshiba recommends a clean install which would wipe out the programs & data (this is not the end of the world as I have my programs & still backing up my data)...they also have all the drivers and toshiba tools that are win7 compat. so I figure if I am going to buy Win disks I might as well get the latest (although I do like XP pro)

other info

Hirens has a whole bunch of tools most of which I don't mess with

I ran chkdsk (no problems)

they also have an older version of ERD system restore but I could not get it to recognize any of my restore points haven't been able to find a newer version of the program.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.