Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Search Conduit's aftermath - My Toshiba is in a State of Emergency!


  • Please log in to reply
18 replies to this topic

#1 Jean91

Jean91

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 24 July 2014 - 11:46 AM

I need serious help! So, my PC was infected with Search Conduit, I was able to remove the actual search engine as my homepage, and thought I had deleted it, and it decided to stay. Soon I noticed that I could no longer use Microsoft Word, iTunes, the internet, and a few other resources. Then I noticed whenever I turned my PC on these following notifications popped up:

 

ToshibaServiceStation.exe - Bad Image
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for
support.


ToshibaAppPlace.exe - Bad Image
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for
support.

MOM.exe - Bad Image
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for
support.

TimelineMonitor: ToshibaTimelineMonitor.exe - Bad Image
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or software vendor for
support.

Microsoft Visual C++ Runtime Library
* Runtime Error
Program:C\Program Files\TOSHIBA\ReelTime\TimelineMonitor.exe
"This application has requestes the Runtime to terminate in an unusual way."

ToshibaAppPlace.exe.NET Framework Initialization Error
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

 

Toshiba Service Station.NET Framework Initialization Error
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

MOM.exe. NET Framework Initialization Error

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll

 

Google Chrome

Your profile can not be used because it is from a newer version of Google Chrome

(This one showed up 5+ times)

 

I received help from the awesome Machiavelli who destroyed all Malware from my PC (which helped improve the speed temporarily). When asked to restart my PC, every same error came back. He suggested I start a new forum here. Again, I am a Stay-at-Home-Mom who uses this PC as her work. HELP!!!



BC AdBot (Login to Remove)

 


m

#2 hamluis

hamluis

    Moderator


  • Moderator
  • 54,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:09 PM

Posted 24 July 2014 - 12:46 PM

Please download MiniToolBox  , save it to your desktop and run it.
 
Checkmark the following checkboxes:
  List last 10 Event Viewer log
  List Installed Programs
  List Users, Partitions and Memory size.
 
Click Go and paste the content into your next post.
 
Also...please Publish a Snapshot using Speccy - http://www.bleepingcomputer.com/forums/topic323892.html/page__p__1797792#entry1797792 , taking care to post the link of the snapshot in your next post.
 
Louis



#3 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 24 July 2014 - 12:50 PM

Thank You, Louis! I will be doing as you say :) 



#4 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 24 July 2014 - 12:53 PM

Louis, I downloaded the tool, and it said that it was an invalid windows application. Should I go ahead and temporarily disable Avast!?



#5 hamluis

hamluis

    Moderator


  • Moderator
  • 54,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:09 PM

Posted 24 July 2014 - 01:00 PM

What...said that it was an invalid application?

 

Why are you asking about disabling Avast?  FWIW:  I never disable my installed AV program when downloading/installing anything, never found it to be an obstacle to installing or using any program.

 

Louis



#6 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 24 July 2014 - 03:43 PM

When I try to run the application an error message pops up and says "C:\Users\Aram\Desktop\MiniToolBox.exe is not a valid Win32 Application"

When I was removing the Malware with help from BleepingComputer, I was told a few times to temporarily disable Avast!. When I tried to download the application Avast! popped up saying, "Suspicious item has been detected:

 

URL hxxp://download.bleepingcomputer.com/dl/3cff72ca6c0209alflfbe3/utilities/m/minitoolbox/MiniToolBox.exe|[upx]

INFECTION Win32:Evo-gen [Susp]

 

What am I taking the snapshot of?



#7 hamluis

hamluis

    Moderator


  • Moderator
  • 54,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:09 PM

Posted 24 July 2014 - 05:10 PM

I don't use Avast, so I will not try to account for its quirks.

 

Personnel and procedures to eliminate an infection...are vastly different from personnel and procedures employed here in the Win 7 O/S forum.  Different responsibilities, different approaches, different problems, different routes to try to make the posting member more informed and relieved of her/his problem.

 

If you look around the various forums here...you will see that many members have successfully downloaded and utilized the mentioned tools...without any problems whatever.

 

If you read the link which instructs you to take a Speccy Snapshot...any questions about that particular tool should be answered.

 

Louis



#8 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:08:09 PM

Posted 24 July 2014 - 06:06 PM

For what it's worth I also recently received the same error message when I attempted to run MiniToolBox.
When I downloaded and saved the file, it disappeared from my downloads folder, the desktop and other places I where I had saved it. I searched for the saved downloads. The search told me it was located in all those places but the download was invisible.

When I chose to run instead of saving I was told MiniToolBox is not a valid Win32 application.
Nothing I did made it show up or run.

I gave up on MTB.

I have Eset Smart Security.

#9 hamluis

hamluis

    Moderator


  • Moderator
  • 54,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:09 PM

Posted 24 July 2014 - 10:21 PM

Q-E...I just redownloaded each from BC Downloads and installed MTB with no problems on my Win 7 laptop and my Win 7 dual-boot on this system.  I do suddenly find that I'm getting those crazy/phony error messages when I try to connect to Google, but no problem with installing programs.

 

Louis



#10 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Staff Emeritus
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:08:09 PM

Posted 24 July 2014 - 11:04 PM

I have screenshots of the errors. I won't post them here because I don't want to detract from the issues the OP is having.

#11 technonymous

technonymous

  • Members
  • 2,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:09 PM

Posted 25 July 2014 - 05:34 AM

If I recall search conduit likes to add itself as a service. Stopping the service you can uninstall it.



#12 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 25 July 2014 - 09:02 PM

OK. So, again, I am not exactly sure what to do then. If I can't download it, or run it, should I just skip it? I'm not sure what you're asking now. 

 

Anyway, here is the snapshot:

 

http://speccy.piriform.com/results/iQYZJ2vdiGJvkeNORuSiEfr



#13 hamluis

hamluis

    Moderator


  • Moderator
  • 54,820 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:07:09 PM

Posted 26 July 2014 - 08:01 AM

Just guessing without any adeditional data...but I would suspect file corruption.

 

The hard drive itself doesn't seem to have any problems, nor is there a problem with spacing on the Windows partition.  No evidence of overheating, no evidence of conflicting AVs or registry cleaner software.

 

I suggest running two commands:

 

  chkdsk /r from a command prompt....followed by

 

  sfc /scannow command.

 

Chkdsk From Command Prompt, Win 7 - http://www.bleepingcomputer.com/forums/t/496613/contextmenu-is-causing-explorerexe-to-crash/?p=3067880

 

SFC -SCANNOW Run in Command Prompt at Boot - Windows 7 Forums - http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html

 

Louis



#14 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 26 July 2014 - 05:46 PM

Ran first test, scanning next one now :)



#15 Jean91

Jean91
  • Topic Starter

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Local time:09:09 PM

Posted 26 July 2014 - 06:54 PM

I ran the second test, and when I went to the CBS log it said access denied.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users