BSOD, Google links redirected problem

[writeneal]

Hi there, thanks for reading this.

I would love to post a HT Log, but can't get past my BSOD with the F8ing and 'safe mode'.

I get the following information, ha!, from the BSOD:

problem:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

technical information:

*** STOP: 0x000000D1 (0x00000000, 0x0000001D, 0x00000000, 0x00000000)

My story:

I noticed that when I followed links from google's search results, I wasn't going to the specified page, but some cheap fake search results type page - with so-called results that had nothing to do with my google search.

I call this hijacking, and figured it was malware messing with my DNS.. so I went to MB, and ran update. haven't used it in a while, so it gave me a new program (requiring reboot) and then I tried to do a definitions update (the new program came with some listed as being from 07/01/10, I believe) but MB couldn't get new definitions. Error. I don't remember what it said.

So I tried my only other trick, I went to System Restore.

Chose a point around 2 wks back, and let it work. When System Restore went for the reboot, BSOD!

That's what sucks the most, I really rushed it, and could have done more surfing to figure out the animal I was dealing with before taking any actions.. it wasn't crippling my system. I could get to my google results by following the link a 2nd time. argg.

background:

XP Pro SP3

P4 3.00mhz, 1 gig ram

Firefox, updated to latest version today, from 3.56 to 3.6 after seeing hijacking problem. Still saw problem.

Ran great, usually only 1-15% cpu usage. low background programs.

Have used System Restore half-dozen times in the past 5 years on this rig, and has always worked & sometimes helped with little problems.

I do not have a Windows back-up / boot disc.

I would really appreciate any help to get a way into my harddrive or windows environment. (and then I will get a log up here asap!)

Thanks.

(perhaps a link to a good boot-CD creating program?)

[writeneal]

Small update - I found my CD and can get into Recovery console mode.

read about a problem with a recent windows update that gives XP users BSOD, so I followed those commands to take out the KB977165.

restarted, and still BSOD with same 'information' on it.

HELP.

I have no idea what commands to use now to get into Windows and then to try to get an HJT log... will wait for your help for the next move!

(fyi, this is what I did so far:

http://social.answers.microsoft.com/Forums...24-817bf39c207b

)

[writeneal]

Hi there; I don't want to seem impatient considering the BIG service you guys provide in the malware fight... however..

Any thoughts on my situation?

How can I get my system to work well enough to produce a HJT log...

(or if not, where should I look for a boot disk making program that will activate my usb's.. so I can save my work before rebuilding?... prefer not to do that, if my system configuration can be saved)

Thanks again!

[writeneal]

If this is the wrong forum, please direct me somewhere for help!

I would really really appreciate the expertise on this board to help get my computer back running.

isn't there any type of log-generating program, or registry checker, that can run outside the windows environment..?

I'm looking to boot ~something~ that will then help diagnose and repair my XP setup.. But I don't know what to use...

Again, I would be very thankful for a better option, if this is not the right place to get help with the BSOD..

[screen317]

Hi and welcome to Malwarebytes.

Do you still need help?

[writeneal]

Hi and welcome to Malwarebytes.

Do you still need help?

I gave up on saving the desktop HDD. Bot a IDE/USB cable and transferred files to my laptop. .. foolishly did not scan the destop HDD through the cable.. so a little worried about the laptop now.

Clean full scan with MB, and I added Microsoft Security Essentials for its scan and realtime protection - also showed as clean.

Can you look at this HJT Log, for my Vista-running laptop and let me know if it's Ok.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:20:42 PM, on 17/03/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18882)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\sttray.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O1 - Hosts: ::1 localhost

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuze.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O13 - Gopher Prefix:

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

[screen317]

Hi,

I don't see any malware in your laptop's log. Are you experiencing any issues with it?

-screen317

[writeneal]

Hi,

I don't see any malware in your laptop's log. Are you experiencing any issues with it?

-screen317

Thank you!

No, no problems that I can tell. And I've kept the Microsoft Security Essential package for 'real-time protection'.

Please close thread!

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!