Tech Support Forum - View Single Post - Need Help

Sempurna · 05-07-2007, 07:50 AM

Hi Starjock,

Welcome to Tech Support Forum!

I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help.

First of all, please turn off Word Wrap in Notepad. It will make the logs easier to read: :)

To turn off Word Wrap, please open Notepad (Start -> Run -> type notepad in the Open field -> OK).
Then go to the Format menu and uncheck Word Wrap.
Exit Notepad.

NEXT:

Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present):

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)

Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked".

Then please exit HijackThis.

NEXT:

BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download Dr.Web CureIt and save it to your desktop.

NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download.

Next, please reboot your computer into Safe Mode by doing the following:

Reboot your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
Instead of Windows loading as normal, a menu should appear.
Using the arrow keys on the keyboard, scroll to and select the Safe Mode menu item, and then press Enter.

Now scan with Dr.Web CureIt:

Double-click the drweb-cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow.
After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings".
Choose the "Scan" tab, uncheck the mark at "Heuristic analysis".
Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK".
Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen).
Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found.
After the scan, go to the "View" menu -> "Report list".
Then go to the "File" menu -> "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply.
Close Dr.Web CureIt.
REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot.

After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, together with a new HijackThis log.

NEXT:

Please download ComboFix by sUBs:

NOTE: In the event you already have ComboFix, this is a new version that I need you to download.

Save it to your desktop.
Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

NEXT:

Please download System Repair Engineer by Smallfrogs and save it to your desktop:

Right-click sreng2.zip, select Extract All, and extract it to its own folder.
Double-click SREng.exe to run it.
Select Smart Scan and check (tick) Verify the digital signatures of process modules.
Click on the Scan button.
When the scan is complete, click on the Save Reports button and save the log to your desktop.
Please attach the log in your next reply. Don’t post it.

Note: You would have to rename SREngLog.log to SREngLog.txt before attaching it. If you cannot attach the log, then please copy and paste its contents into your next reply.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

The log from the Dr.Web CureIt scan.
The log from the ComboFix scan.
The log from the SREng scan.
A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

05-07-2007, 07:50 AM	#3 (permalink)
Sempurna Analyst, Security Team Join Date: Sep 2006 Posts: 1,302 OS: Windows XP SP2	Re: Need Help - Many Processes not Loading at StartUp. Hi Starjock, Welcome to Tech Support Forum! I apologize for the delay getting to your log. The helpers here are all volunteers and we have been very busy here lately. If you are still having malware problems, I will be glad to help. First of all, please turn off Word Wrap in Notepad. It will make the logs easier to read: :) To turn off Word Wrap, please open Notepad (Start -> Run -> type notepad in the Open field -> OK). Then go to the Format menu and uncheck Word Wrap. Exit Notepad. NEXT: Please run HijackThis and click "Scan". Place a check (tick) next to the following entries (if present): R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file) Close ALL programs and browsers (including this one), leaving ONLY HijackThis open, then click "Fix checked". Then please exit HijackThis. NEXT: BEFORE BEGINNING, Please read completely through the instructions below. Please also print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions. Please download Dr.Web CureIt and save it to your desktop. NOTE: In the event you already have Dr.Web CureIt, this is a new version that I need you to download. Next, please reboot your computer into Safe Mode by doing the following: Reboot your computer. After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again. Instead of Windows loading as normal, a menu should appear. Using the arrow keys on the keyboard, scroll to and select the Safe Mode menu item, and then press Enter. Now scan with Dr.Web CureIt: Double-click the drweb-cureit.exe file. It will then suggest to run an "Express Scan" -- this you should allow. After this (Dr.Web writes "Done" at the bottom left), you click "Options" menu -> "Change settings". Choose the "Scan" tab, uncheck the mark at "Heuristic analysis". Choose the "Actions" tab, and choose "Rename" under all the "Malware" issues. Then click "OK". Back at the main window, you should now mark the drives that you want to scan (a red dot shows which drives have been chosen). Click the green arrow at the right, and the scan will start. The first time Dr.Web finds something, you click "Yes to All", and it will after this automatically fix what is found. After the scan, go to the "View" menu -> "Report list". Then go to the "File" menu -> "Save report list". Save the report to your desktop. The report will be called DrWeb.csv. Copy and paste the contents of the report in your next reply. Close Dr.Web CureIt. REBOOT your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply, together with a new HijackThis log. NEXT: Please download ComboFix by sUBs: NOTE: In the event you already have ComboFix, this is a new version that I need you to download. Save it to your desktop. Double-click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply. CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall. NEXT: Please download System Repair Engineer by Smallfrogs and save it to your desktop: Right-click sreng2.zip, select Extract All, and extract it to its own folder. Double-click SREng.exe to run it. Select Smart Scan and check (tick) Verify the digital signatures of process modules. Click on the Scan button. When the scan is complete, click on the Save Reports button and save the log to your desktop. Please attach the log in your next reply. Don’t post it. Note: You would have to rename SREngLog.log to SREngLog.txt before attaching it. If you cannot attach the log, then please copy and paste its contents into your next reply. NEXT: Please REBOOT your computer normally into Windows and post these logs in your next reply: The log from the Dr.Web CureIt scan. The log from the ComboFix scan. The log from the SREng scan. A new HijackThis log. (You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software). Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted. __________________ Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum Last edited by Sempurna; 05-07-2007 at 07:53 AM.