Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable To Enter Safe Mode Or Bios!


  • This topic is locked This topic is locked
4 replies to this topic

#1 kerryshannon

kerryshannon

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 22 August 2008 - 03:31 PM

turned on computer and found my onecare was not opening up. Onecare removed several viruses yesterday which is not normal since I do not go online much with this computer. I didn't write down the names.
I completed all steps in your guide and used all the programs you listed as well as, I went to the Onecare site and ran the update malware repair and got onecare working and ran it and removed Ferbink.B and Ntlin.A. Didn't find anything online about these. I did HiJackThis and removed about 6 items,,,once again, did not write them down. Down below is a copy of the latest HiJackThis and it appears the only file to come back is ctfmon.exe which I believe is for my windows office software.
The comp is working fine and onecare is working but I can still not log in to safe mode or bios. It appears my keyboard does not function until windows is completely loaded. Nothing happens when pressing f2 or f8 and once I made it to the screen that has the selection for safe mode, by turing off then on the computer before it shut down properly which made the computer go to that screen on the next boot, but my up and down arrows did not function and it automatically went to regular windows after timing out. Also tried to boot to my windows disc but when the screen read "hit any key to boot from cd" the keys did not work and it booted to the drive....by the way it says "invalid boot ini". It appears I need to rebuild my boot.ini but don't know how to do that since I can not boot to my windows cd nor can I boot to safe mode. I'd like to run all my malware software in safe mode as well. It appears I've done some damage to the beast but the beast still has control of my machine!
Also; I have two machines and I switch between the two. The other machine has no problem with the keyboard working before windows is fully loaded and I can enter bios and safe mode with no problem. I could previously enter bios and safe mode on the infected machine, but now can not. It, as I said, appears to have disabled my keyboard before windows is fully loaded.

Please help, and thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:33 PM, on 8/22/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\windows\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\windows\Explorer.EXE
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe

--
End of file - 2806 bytes

BC AdBot (Login to Remove)

 


#2 kerryshannon

kerryshannon
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 23 August 2008 - 02:19 PM

was it something I said?

#3 kerryshannon

kerryshannon
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:47 PM

Posted 25 August 2008 - 01:54 PM

update; does anyone care? lol
I copied the boot.ini file from one computer to the one that was "invalid". That worked but not sure if I need to delete the invalid one?
It appears the reason I can not use my keyboard is because I recently added a usb keyboard and bios does not work with usb?? I plugged in my old keyboard and can now enter safe mode. I see in bios that usb is enabled so not sure why my usb keyboard does not work?

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:07:47 PM

Posted 07 September 2008 - 01:47 PM

Hello kerryshannon

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Hijackthis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 Pandy

Pandy

    Bleepin'


  • Members
  • 9,559 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:47 PM

Posted 27 February 2010 - 12:57 AM

Topic closed due to the time stamp of the original post and the fact there is a new logfile posted here http://www.bleepingcomputer.com/forums/t/298847/windows-autoloading-pinnacle/

Do not anticipate trouble, or worry about what may never happen. Keep in the sunlight.

Hide not your talents. They for use were made. What's a sundial in the shade?

~ Benjamin Franklin

I am a Bleeping Computer fan! Are you?

Facebook

Follow us on Twitter





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users