Jump to content


  • Posts

  • Joined

  • Last visited


0 Neutral
  1. Thank you so much for taking time out of your day/s to help me fix my laptop. It really is appreciated and you have been so helpful! You explained things clearly for me and I'm sending massive thanks from the UK! :) :) :)

  2. Results of screen317's Security Check version 0.99.73 Windows Vista x86 (UAC is enabled) Out of date service pack!! Internet Explorer 7 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version Adobe Reader 8 Adobe Reader out of Date! Google Chrome 29.0.1547.66 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 7 % Defragment your hard drive soon! (Do NOT defrag if SSD!) ````````````````````End of Log``````````````````````
  3. # AdwCleaner v3.004 - Report created 17/09/2013 at 16:45:16 # Updated 15/09/2013 by Xplode # Operating System : Windows Vista Home Premium (32 bits) # Username : holmes - HOLMES-PC # Running from : C:\Users\holmes\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browsers ] ***** -\\ Internet Explorer v7.0.6000.16982 -\\ Google Chrome v29.0.1547.66 [ File : C:\Users\holmes\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [947 octets] - [17/09/2013 16:42:18] AdwCleaner[s0].txt - [873 octets] - [17/09/2013 16:45:16] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [932 octets] ########## Scan came up clean, laptop seems to be running ok, had a few occasions where the internet connection went down today but that may just be my internet provider. mbam-log-2013-09-17 (16-53-10).txt
  4. It did it! At some points it did say about 'access denied due to administrative permissions' even though I'd run it as administrator, but it still completed the scan. Log is attached log.txt
  5. It crashes, just gets stuck on 'scanning for infected files' even when running it as administrator in safe mode! MSE is disabled, is there anything else that could be stopping it from working properly? thanks
  6. I've now run aswMBR and the log is attached... I've downloaded ComboFix and tried to run it twice, but each time it seems to crash, the second time I ran it I left it for a good couple of hours but it gets stuck on the first scanning bit. I'd disabled my MSE too, any ideas?? aswMBR.txt
  7. I'm using MSE now, but have just run a scan and it's all clear! That's great! I will run the combofix later on and post the results.
  8. Thanks, I did a few scans as it wasn't asking me to reboot after clean-up, but I did restart my laptop and ran the scan again and it's now showing it's clear! I've attached the logs mbar-log-2013-09-13 (15-04-12).txt system-log.txt
  9. I only have 2 logs but maybe because it didn't give me any options to cure anything and so didn't ask me to reboot for the final time either. 12:59:21.0092 0x0c98 TDSS rootkit removing tool Aug 15 2013 16:44:2912:59:21.0464 0x0c98 ============================================================12:59:21.0464 0x0c98 Current date / time: 2013/09/13 12:59:21.046412:59:21.0464 0x0c98 SystemInfo:12:59:21.0464 0x0c98 12:59:21.0465 0x0c98 OS Version: 6.0.6000 ServicePack: 0.012:59:21.0465 0x0c98 Product type: Workstation12:59:21.0465 0x0c98 ComputerName: HOLMES-PC12:59:21.0466 0x0c98 UserName: holmes12:59:21.0466 0x0c98 Windows directory: C:\Windows12:59:21.0466 0x0c98 System windows directory: C:\Windows12:59:21.0466 0x0c98 Processor architecture: Intel x8612:59:21.0466 0x0c98 Number of processors: 212:59:21.0466 0x0c98 Page size: 0x100012:59:21.0466 0x0c98 Boot type: Normal boot12:59:21.0466 0x0c98 ============================================================12:59:22.0821 0x0c98 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000005012:59:22.0823 0x0c98 ============================================================12:59:22.0823 0x0c98 \Device\Harddisk0\DR0:12:59:22.0824 0x0c98 MBR partitions:12:59:22.0824 0x0c98 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xD5577E612:59:22.0824 0x0c98 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xD557825, BlocksNum 0xA3BF9C12:59:22.0824 0x0c98 ============================================================12:59:22.0920 0x0c98 C: <-> \Device\Harddisk0\DR0\Partition112:59:22.0968 0x0c98 D: <-> \Device\Harddisk0\DR0\Partition212:59:22.0968 0x0c98 ============================================================12:59:22.0968 0x0c98 Initialize success12:59:22.0968 0x0c98 ============================================================12:59:55.0190 0x0f88 Deinitialize success 2nd log is attached as it's too long thanks TDSSKiller.
  10. Yes, here's the report: RogueKiller V8.6.11 [sep 11 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6000 ) 32 bits versionStarted in : Normal modeUser : holmes [Admin rights]Mode : Scan -- Date : 09/13/2013 12:40:33| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤[Address] IRP[iRP_MJ_CREATE] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807980C2)[Address] IRP[iRP_MJ_CLOSE] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807980C2)[Address] IRP[iRP_MJ_DEVICE_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807869F4)[Address] IRP[iRP_MJ_INTERNAL_DEVICE_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x807869C6)[Address] IRP[iRP_MJ_POWER] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80786A22)[Address] IRP[iRP_MJ_SYSTEM_CONTROL] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80793B36)[Address] IRP[iRP_MJ_PNP] : C:\Windows\system32\drivers\atapi.sys -> HOOKED ([Address] C:\Windows\system32\drivers\ataport.SYS @ 0x80793B02) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts localhost::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS541612J9SA00 ATA Device +++++--- User ---[MBR] 6290fdb9a623b9fdac8a566cf778686c[bSP] 49ae8ef5029e38adaf355d7e2453bd0f : Windows Vista MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 109230 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 223705125 | Size: 5239 Mo2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 234436545 | Size: 2 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_09132013_124033.txt >>
  11. Hi, I downloaded the anti-malware and it didn't detect anything. Here is the log: Malwarebytes Anti-Malware Database version: v2013.09.13.03 Windows Vista x86 NTFSInternet Explorer 7.0.6000.16982holmes :: HOLMES-PC [administrator] 13/09/2013 09:30:06mbam-log-2013-09-13 (09-30-06).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 200389Time elapsed: 5 minute(s), 56 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Next I tried the dds. The dds.scr wouldn't even load up, the dds.com would get to about 75% complete and stay at that point for ages, much longer than then 3 minutes! I had turned off my MSE, and disconnected from the internet. I don't know how to disable any script blocker that I may or may not have! What do you recommend I do now? Thanks for your help!
  12. Hi everyone, I hope someone can help, my laptop had this Trojan:DOS/alureon.E on it. I had avast installed and it always found the trojan but could never remove it after numerous restart attempts. Eventually my laptop (windows vista) gave up on me but yesterday I had someone come and use a boot disk so I could retrieve all my files and documents onto my external hard drive, which we did, he then factory reset my laptop which I was hoping would eliminate this trojan. My laptop now seems to be working fine. Unfortunately the infected file must still be on my hard drive as now Microsoft Security Essentials is now finding this trojan again. Now I'm in a loop of MSE finding the infected files, removing them, asking me to restart, finding them again etc etc.. I have run the bootrec.exe commands which said they were successful but I would like to know how I could get rid of this completely!! I obviously need to removed the dodgy files from my external hard drive, but how do I get it of my laptop? Any help would be much appreciated and please bear with me as although I know a little about computers, I am nowhere near an expert! Thanks so much
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.