Tech Support Forum - View Single Post - Need Help

Sempurna · 05-09-2007, 04:21 AM

Hi Starjock,

You’re most welcome, Starjock.

OK, let’s do this next.

Please download HostsXpert and save it to your desktop:

Extract the zip file to your desktop or a permanent folder on your hard drive.
Open the folder and double-click on HostsXpert.exe.
Click "Backup / Restore" and select "Create Backup".
Click "Restore MS Hosts File".
Click "OK" and exit the program.

NEXT:

No malware in the latest logs that could be causing your problem. Let’s check for rootkits and see if anything pops up.

Please download and save F-Secure BlackLight to your desktop.

Click the I Accept button at the bottom of the page.
Download the Blacklight Beta graphical user interface version.
Double-click the fsbl.exe program that you downloaded to run BlackLight.
Click Scan -> Next.
After the scan you'll see a list of all items found. Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there...
A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers)
Please post the contents of the log in your next reply.

NEXT:

Please download GMER and save it to your desktop:

Unzip (extract) it to your desktop.
Disconnect from Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click gmer.exe to run it.
Let the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO.
Click the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
Then click the Scan button. Wait for the scan to finish.
Once done, click the Copy button.
This will copy the results to the clipboard. Open Notepad and press CTRL + V to paste the log, and save it to your desktop. Paste the results in your next reply.

If you're having problems with running gmer.exe, try it in Safe Mode.
This tool works in Safe Mode… other rootkit revealers don't.

NEXT:

Please REBOOT your computer normally into Windows and post these logs in your next reply:

The log from the BlackLight scan.
The log from the GMER scan.
A new ComboFix log.
A new HijackThis log.

(You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software).

Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted.

05-09-2007, 04:21 AM	#7 (permalink)
Sempurna Analyst, Security Team Join Date: Sep 2006 Posts: 1,302 OS: Windows XP SP2	Re: Need Help - Many Processes not Loading at StartUp. Hi Starjock, You’re most welcome, Starjock. OK, let’s do this next. Please download HostsXpert and save it to your desktop: Extract the zip file to your desktop or a permanent folder on your hard drive. Open the folder and double-click on HostsXpert.exe. Click "Backup / Restore" and select "Create Backup". Click "Restore MS Hosts File". Click "OK" and exit the program. NEXT: No malware in the latest logs that could be causing your problem. Let’s check for rootkits and see if anything pops up. Please download and save F-Secure BlackLight to your desktop. Click the I Accept button at the bottom of the page. Download the Blacklight Beta graphical user interface version. Double-click the fsbl.exe program that you downloaded to run BlackLight. Click Scan -> Next. After the scan you'll see a list of all items found. Please click Next and then Exit. Do NOT choose rename for any items yet! I need to see the log first, because legitimate items can also be present there... A log will be created on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx are numbers) Please post the contents of the log in your next reply. NEXT: Please download GMER and save it to your desktop: Unzip (extract) it to your desktop. Disconnect from Internet and close all running programs. There is a small chance this application may crash your computer so save any work you have open. Double-click gmer.exe to run it. Let the gmer.sys driver to load if asked. If it gives you a warning at program start about rootkit activity and asks if you want to run a scan... click NO. Click the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All". Then click the Scan button. Wait for the scan to finish. Once done, click the Copy button. This will copy the results to the clipboard. Open Notepad and press CTRL + V to paste the log, and save it to your desktop. Paste the results in your next reply. If you're having problems with running gmer.exe, try it in Safe Mode. This tool works in Safe Mode… other rootkit revealers don't. NEXT: Please REBOOT your computer normally into Windows and post these logs in your next reply: The log from the BlackLight scan. The log from the GMER scan. A new ComboFix log. A new HijackThis log. (You might have to paste the logs in multiple posts in the event they are too long and breach the post length restrictions of the forum software). Also, please let me know how things are running now and if you encountered any problems while you were following the directions I posted. __________________ Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum Last edited by Sempurna; 05-09-2007 at 04:28 AM.