  1. #1

    Can Only Start-Up in Safe Mode

    PROBLEM/SYMPTOM: I can only boot up in safe mode. Don't know if it is caused by a virus, malware (etc) or a registry error. I've done a lot of investigation (see below) and have provided the second Hijack-This log file below for your review. This is the chain of events:

    Yesterday I deleted a program and reinstalled it (Roxio Easy CD Creator). After installing, I downloaded updates (4) and then rebooted. It worked fine until I rebooted the next time. I booted up in safe mode and used Admin Tools to review the Programs files and found the following types of problems:

    The installation of C:\DOCUME~1\user\LOCALS~1\Temp\7zS1.tmp\AdwareAlert.msi is not permitted due to an error in software restriction policy processing. The object cannot be trusted.

    AND

    Virus Found!Virus name: Trojan.Zlob in File: C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\1g1tp4fj.default\Cache\020EBF95d01 by: Defwatch scan. Action: Clean failed : Leave Alone succeeded :

    AND

    The description for Event ID ( 57345 ) in Source ( AliDiskViewer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Jan 11 15:56:44 AliDiskViewer[4052] *** _NSAutoreleaseNoPool(): Object 0x2e41f98 of class NSConcreteValue autoreleased with no pool in place - just leaking.
    ______________________________
    I ran corporate Symantec Client 8.0, Ad-Aware, Spy-Bot and Panda Active Scan. Found nothing. Searched for Zlob files via Search. Found none.
    Went through the Help2Go process: ran HiJack-This, removed 5 files that it recommended I delete (2 were identified as known bad files), rebooted (safe mode), cleaned out temp folders, rebooted again, ran HiJack This again and copied the new log file below, per instructions of Help2Go.

    I still cannot start-up in normal mode. It takes me to the screen where I can choose the 3 types of safe mode (the other choices do not work).
    ______________________________________

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:17:23 AM, on 1/14/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
    O4 - HKLM\..\Run: [RoxAssistant] C:\Program Files\Common Files\Roxio Shared\Upgrade\RoxAssist.exe /s
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\RunOnce: [ddvd.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\dvd.dll"
    O4 - HKLM\..\RunOnce: [DVideoCD.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\VideoCD.dll"
    O4 - HKLM\..\RunOnce: [DRMT.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\RMT.dll"
    O4 - HKLM\..\RunOnce: [DCapture.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Capture.dll"
    O4 - HKLM\..\RunOnce: [DDVDDump.ax] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\DVDDump.ax"
    O4 - HKLM\..\RunOnce: [DDVFrameDet.ax] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\DVFrameDet.ax"
    O4 - HKLM\..\RunOnce: [DPreview.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Preview.dll"
    O4 - HKLM\..\RunOnce: [Dvergb24.ax] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\vergb24.ax"
    O4 - HKLM\..\RunOnce: [DVideoTransition.ax] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\VideoTransition.ax"
    O4 - HKLM\..\RunOnce: [DMultiFileReade] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\MultiFileReader.ax"
    O4 - HKLM\..\RunOnce: [DRxDump.ax] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\RxDump.ax"
    O4 - HKLM\..\RunOnce: [ACMWrapperV2.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\ACMWrapperV2.dll"
    O4 - HKLM\..\RunOnce: [MediaPlayerV2.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\MediaPlayerV2.dll"
    O4 - HKLM\..\RunOnce: [driversV2.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\driversV2.dll"
    O4 - HKLM\..\RunOnce: [Cdbootable.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Cdbootable.dll"
    O4 - HKLM\..\RunOnce: [cdDataPS.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdDataPS.dll"
    O4 - HKLM\..\RunOnce: [cdExtra.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdExtra.dll"
    O4 - HKLM\..\RunOnce: [cdmp3.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\cdmp3.dll"
    O4 - HKLM\..\RunOnce: [database.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\database.dll"
    O4 - HKLM\..\RunOnce: [ISO9660.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\ISO9660.dll"
    O4 - HKLM\..\RunOnce: [Joliet.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Joliet.dll"
    O4 - HKLM\..\RunOnce: [Udf.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Udf.dll"
    O4 - HKLM\..\RunOnce: [creator.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\creator.dll"
    O4 - HKLM\..\RunOnce: [Translator.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Translator.dll"
    O4 - HKLM\..\RunOnce: [CDEngine.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\CDEngine.dll"
    O4 - HKLM\..\RunOnce: [dvd.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\dvd.dll"
    O4 - HKLM\..\RunOnce: [DvdVR.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\DvdVR.dll"
    O4 - HKLM\..\RunOnce: [rmt.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RMT.dll"
    O4 - HKLM\..\RunOnce: [shellex] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\shellex.dll"
    O4 - HKLM\..\RunOnce: [VideoCD.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\VideoCD.dll"
    O4 - HKLM\..\RunOnce: [zDvFrameDectectorax] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\dvframedetector.ax"
    O4 - HKLM\..\RunOnce: [zvergb24ax] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\vergb24.ax"
    O4 - HKLM\..\RunOnce: [zRoxPrvwdll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\VideoTransition.ax"
    O4 - HKLM\..\RunOnce: [zPreviewdll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Roxio\Easy CD Creator 6\PMStudio\Preview.dll"
    O4 - HKLM\..\RunOnce: [RxDumpax] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RxDump.ax"
    O4 - HKLM\..\RunOnce: [MultiFileReader] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\MultiFileReader.ax"
    O4 - HKLM\..\RunOnce: [RxQuicktime] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\DLLShared\RXQuicktime.ax"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_10] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_08] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - Global Startup: D-Link AirPlus Xtreme G Configuration Utility.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10708 bytes

  2. #2
    steamwiz

    Hi

    Looking at your log, I'd say that all your problems are a result of a bad install of Roxio\Easy CD Creator 6.

    A RunOnce: entry should do just that ... RunOnce ... after a reboot all those RunOnce entries should not be in your log ...

    Also, Zlob is a generic name given to thousands of adware downloaders; it would be quite feasible that the Roxio downloader is wrongly being tagged as Zlob...

    Uninstall Roxio\Easy CD Creator 6 & see if that resolves the problems ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
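
The reply's point about RunOnce entries that survive a reboot can be checked mechanically. The following is an added example, not part of either post: a Python sketch that parses the O4 lines of a HijackThis log and counts the RunOnce entries still pending, grouped by the executable that launches them. The function names are hypothetical, and the sample lines are excerpted from the log in post #1.

```python
import re
from collections import Counter

# O4 line shape in a HijackThis log: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(
    r"^\s*O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(Run|RunOnce): \[([^\]]*)\] (.*)$")

# Excerpt from the log in post #1 (one Run entry, four RunOnce entries, one O23 line).
SAMPLE = r"""
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\RunOnce: [ddvd.dll] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" +r"C:\Program Files\Common Files\Roxio Shared\DLLShared\dvd.dll"
O4 - HKLM\..\RunOnce: [CDEngine.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CDEngine\CDEngine.dll"
O4 - HKLM\..\RunOnce: [Udf.dll] C:\WINDOWS\system32\regsvr32.exe /s "C:\Program Files\Common Files\Roxio Shared\CreatorAPI\Udf.dll"
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_09] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

def parse_o4(log_text):
    """Return one dict per O4 registry autostart line (Run / RunOnce)."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append({"hive": hive, "key": key,
                            "name": name, "command": command})
    return entries

def launcher(command):
    """Lower-cased file name of the program the command line starts.

    Heuristic: a quoted path is taken whole; an unquoted one runs up to the
    first ".exe", so unquoted paths with spaces are not cut at the space.
    """
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe\b|\S+)', command, re.I)
    path = m.group(1) or m.group(2)
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def pending_runonce(entries):
    """Count RunOnce entries still present in the log, per launcher."""
    return Counter(launcher(e["command"])
                   for e in entries if e["key"] == "RunOnce")

if __name__ == "__main__":
    for exe, count in pending_runonce(parse_o4(SAMPLE)).most_common():
        print(f"{count:3d} pending RunOnce entries launched via {exe}")
```

Comparing the counts from logs taken before and after a normal (non-safe-mode) reboot shows whether the entries are being consumed or are stuck.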