Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bootup hangs on desktop


  • This topic is locked This topic is locked
3 replies to this topic

#1 Jaidynne

Jaidynne

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 07 July 2011 - 09:35 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:35:02 PM, on 7/7/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\CheckPoint\ZAForceField\ISWMGR.exe
C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zatray.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\PROGRA~1\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Update\1.3.21.57\GoogleCrashHandler.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.25\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.60\deploy\LolClient.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\Documents\HiJackThis.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Razer Naga Driver] C:\Program Files\Razer\Naga Epic\NagaEpicSysTray.exe
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [ZoneAlarm] C:\Program Files\Zone Labs\ZoneAlarm\zatray.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [nvwiz] C:\ProgramData\nvwiz.exe
O4 - HKCU\..\Run: [Crystal.exe] C:\Users\Jaidynne\AppData\Roaming\Crystal.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1892195590-1697437817-2911491524-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ZoneAlarm ForceField IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\Zone Labs\ZoneAlarm\vsmon.exe

--
End of file - 6164 bytes

Hi. I was sent here from the "Am I infected? What do I do?" section of the forum.

Windows Vista 32bit
3GB RAM
AMD Athlon 64 x2 Dual Core Processor 4000+ 2.10 GHz
Windows is fully updated as well.
I have Zone Alarm Extreme Security 10 (I believe) for my Anti-virus/Spyware/Firewall.

When I boot my computer, everything is fine, until I get to my desktop. My desktop is completely blank with a grey backround, no desktop icons, no task bar, mouse works. It stays like this usually roughly 5 minutes before it will load my desktop. The only programs I have set to start up when the computer boots is: Zone Alarm, My Naga Razor System Tray, and Free Ram XP Pro. When I boot into safe mode, I don't have this problem, which leads me to believe it's possibly either a program, or a driver that starts with a normal boot up.

Here's my DDS Log and a link to my previous post:

http://www.bleepingcomputer.com/forums/topic408337.html/page__gopid__2325745#entry2325745


.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Run by Jaidynne at 13:23:11 on 2011-07-08
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jaidynne\Documents\aswMBR.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jaidynne\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Jaidynne\Documents\Defogger.exe
C:\Users\Jaidynne\Documents\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071024
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
mRun: [ISW]
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Razer Naga Driver] c:\program files\razer\naga epic\NagaEpicSysTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{907D43AE-4F0A-468B-B9C9-112A8A1D4D66} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B2091A72-5697-49E3-B137-9D547289201E} : DhcpNameServer = 209.18.47.61 209.18.47.62
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jaidynne\appdata\roaming\mozilla\firefox\profiles\m3vjkv9x.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\jaidynne\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
.
============= SERVICES / DRIVERS ===============
.
R? AERTFilters;Andrea RT Filters Service
R? apf001;apf001
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? icsak;icsak
R? IswSvc;ZoneAlarm ForceField IswSvc
R? KodakSvc;Kodak AiO Device Service
R? Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service
R? Lavasoft Kernexplorer;Lavasoft helper driver
R? m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver
R? nvUpdatusService;NVIDIA Update Service Daemon
R? Stereo Service;NVIDIA Stereoscopic 3D Driver Service
R? vsdatant7;vsdatant7
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? amacpi;Microsoft Away Mode System
S? dtsoftbus01;DAEMON Tools Virtual Bus Driver
S? FontCache;Windows Font Cache Service
S? ISWKL;ZoneAlarm ForceField ISWKL
S? kl2;kl2
S? Lbd;Lbd
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? nvamacpi;Nvidia Away Mode System
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? nvoclock;NVIDIA Enthusiasts Platform KDM
S? RzSynapse;Razer Driver
.
=============== Created Last 30 ================
.
2011-07-08 03:41:08 -------- d-----w- c:\users\jaidynne\appdata\roaming\Malwarebytes
2011-07-08 03:41:00 -------- d-----w- c:\programdata\Malwarebytes
2011-07-08 03:40:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-01 04:58:08 -------- d-----w- c:\users\jaidynne\appdata\roaming\#ISW.FS#
2011-07-01 04:43:05 -------- d-----w- C:\MyBackup
2011-07-01 04:42:18 -------- d-----w- c:\program files\PC Tune-Up
2011-07-01 04:21:30 -------- d-----w- c:\program files\zonealarm_extreme_security
2011-07-01 04:19:14 -------- d-----w- c:\program files\Zone Labs
2011-06-30 21:53:47 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-30 08:16:20 -------- d-----w- c:\program files\MediaInfo
2011-06-30 08:13:44 -------- d-----w- c:\users\jaidynne\appdata\local\DDMSettings
2011-06-30 08:12:10 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-06-30 08:11:36 -------- d-----w- c:\program files\common files\DivX Shared
2011-06-30 08:11:04 -------- d-----w- c:\program files\DivX
2011-06-30 08:10:28 -------- d-----w- c:\programdata\DivX
2011-06-30 07:50:26 498688 ----a-w- c:\users\jaidynne\appdata\local\nvwiz.exe
2011-06-30 07:50:23 7987953 ----a-w- c:\users\jaidynne\appdata\local\Codecs.exe
2011-06-30 07:11:05 -------- d-----w- c:\program files\Combined Community Codec Pack
2011-06-30 06:47:42 73216 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-30 06:38:07 -------- d-----w- C:\CCCP
2011-06-30 06:36:15 498688 ----a-w- c:\programdata\nvwiz.exe
2011-06-30 03:54:31 -------- d-----w- c:\users\jaidynne\AdobeLicensingFilesBackup
2011-06-25 02:26:19 -------- d-----w- c:\windows\$regcmp$
2011-06-24 16:21:54 -------- d-----w- c:\program files\Hero Editor
2011-06-23 10:18:35 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-06-23 10:17:16 2829 ----a-w- c:\windows\DIIUnin.pif
2011-06-23 10:17:15 94208 ----a-w- c:\windows\DIIUnin.exe
2011-06-23 10:14:12 -------- d-----w- c:\program files\Diablo II
.
==================== Find3M ====================
.
2011-06-30 07:43:33 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-24 16:21:44 249856 ------w- c:\windows\Setup1.exe
2011-06-24 16:21:40 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-06-02 17:53:02 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-05-21 02:35:28 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-13 19:08:06 615424 ----a-w- c:\windows\system32\themeui.dll
2011-05-13 19:08:06 240128 ----a-w- c:\windows\system32\uxtheme.dll
2011-05-07 21:51:26 451160 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2011-04-18 05:39:33 12920 ----a-w- c:\windows\system32\apl001.sys
2011-04-18 05:39:33 10872 ----a-w- c:\windows\system32\apf001.sys
2011-04-12 04:11:11 319456 ----a-w- c:\windows\DIFxAPI.dll
2011-04-12 04:10:54 315392 ----a-w- c:\windows\HideWin.exe
2011-04-11 06:09:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 13:23:36.60 ===============

EDIT: Posts merged ~Budapest

Attached Files


Edited by Budapest, 10 July 2011 - 05:38 PM.


BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:42 PM

Posted 26 July 2011 - 06:10 PM

Hello, and :welcome: to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Posted Image button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 Jaidynne

Jaidynne
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 27 July 2011 - 02:18 AM

I haven't fixed the issue at hand. However, I'm pretty confident that I don't have a problem with Mal-ware and I think the issue I have is related to Zone Alarm. Thanks for the help anyway, you can help someone else seeing as I don't think you can solve my Zonealarm issue. But thanks for taking the time to post. :)

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:42 PM

Posted 27 July 2011 - 06:23 AM

Okay. Good luck with your issue!

Since this issue appears to be resolved ... this Topic has been closed.

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users