Everything posted by ddjmagic

  1. Tried start-up repair and it finds no problems. I think it must be the user profile; what files do I need to back up so I don't lose all my user settings? Just the complete user folder?
  2. I came to turn my Windows 7 PC on this morning and it booted as normal - starting Windows - welcome - then the screen goes blank with just a mouse cursor. Ctrl-Alt-Del works and I can bring up Task Manager, but Task Manager stops responding as soon as I try to start a new task. Tried safe mode, exactly the same thing happens. If I switch to another user it works fine and the desktop shows up and everything; it's just my main user that won't work? Tried System Restore but it doesn't fix it. Any suggestions? Thanks.
  3. I will have a go at backing up and reformatting, thanks for the help.
  4. Yeah, pretty much the whole of Program Files was infected and just about every HTML file on my PC. A few questions - will the USB flash drive that I have been using to copy between the two PCs be OK? What would be the safest way of backing up my images/music etc. that aren't infected? Would I be able to use the recovery partition to reinstall Windows? Thanks for your help!
  5. Scan completed - 27,349 found, 27,424 deleted. The log is too big to post here - here are the items it was unable to delete:
      C:\Windows\explorer.exe Win32/Bamital.ER trojan (unable to clean) 00000000000000000000000000000000 I
      C:\Windows\explorer.old Win32/Bamital.ER trojan (deleted - quarantined) 00000000000000000000000000000000 C
      C:\Windows\System32\wininit.exe Win32/Bamital.ER trojan (unable to clean) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Bears.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Garden.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Green Bubbles.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Hand Prints.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Orange Circles.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Peacock.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Roses.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Shades of Blue.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Soft Blue.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      C:\Windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6000.16386_none_ef216b8c52ca2227\Stars.htm Win32/Ramnit.A virus (error while cleaning) 00000000000000000000000000000000 I
      ${Memory} multiple threats 00000000000000000000000000000000 I
  6. It's 6 hours into the scan and about 2/3 of the way through; it's been stuck on one file on the recovery partition for about an hour. So far it has found 27,438 infected files, all W32/Ramnit; it looks like it's infected pretty much everywhere. I'll let it run a bit longer to see if it can get past that file and finish the scan.
  7. Same, nothing found - http://virusscan.jotti.org/en/scanresult/7...4a5d720115d1969
  8. http://virusscan.jotti.org/en/scanresult/4...7c005565a5e192f
  9. Computer pretty much the same; whatever I do, multiple IE browsers open, and when they open, a file "watermark.exe" appears in Task Manager for a few seconds. Latest log:
      ComboFix 10-11-18.03 - derek 11/19/2010 1:42.5.2 - x86 NETWORK Microsoft
  10. Hidden files were not being shown before; here's the new log:
      ComboFix 10-11-18.03 - derek 11/19/2010 0:38.4.2 - x86 NETWORK Microsoft
  11. SystemLook 04.09.10 by jpshortstuff
      Log created at 00:23 on 19/11/2010 by derek
      Administrator - Elevation successful
      ========== filefind ==========
      Searching for "explorer.exe"
      C:\Windows\explorer.exe --a---- 2923520 bytes [00:06 19/11/2010] [09:45 02/11/2006] 2774A3141A1FFEBA09C87463C84B2FAF
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [23:50 19/10/2007] [23:50 19/10/2007] 6D06CD98D954FE87FB2DB8108793B399
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [12:26 10/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe --a---- 2923520 bytes [23:50 19/10/2007] [23:50 19/10/2007] BD06F0BF753BC704B653C3A50F89D362
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe --a---- 2923520 bytes [12:26 10/12/2008] [02:15 28/10/2008] E7156B0B74762D9DE0E66BDCDE06E5FB
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe --a---- 2927104 bytes [16:42 23/09/2008] [07:33 19/01/2008] FFA764631CB70A30065C12EF8E174F9F
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe --a---- 2927104 bytes [12:26 10/12/2008] [06:29 29/10/2008] 4F554999D7D5F05DAAEBBA7B5BA1089D
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe --a---- 2927616 bytes [12:26 10/12/2008] [03:59 30/10/2008] 50BA5850147410CDE89C523AD3BC606E
      C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [13:45 24/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
      -= EOF =-
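An added example (not code from the post or from the SystemLook tool) of the check a helper makes by eye on the filefind output above: it parses the pasted lines and compares the live C:\Windows\explorer.exe against the component-store (winsxs) copies of the same name, flagging it because its MD5 matches none of the winsxs hashes and its modification time is the day of the log. Only a subset of the nine winsxs lines is embedded; the log format and the "live file should match one SxS copy" rule are the assumptions.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple

# Entries copied from the SystemLook "filefind" output posted above (a subset of the
# nine winsxs copies); the long winsxs directories are the Vista component store.
SYSTEMLOOK_FILEFIND = r"""
C:\Windows\explorer.exe --a---- 2923520 bytes [00:06 19/11/2010] [09:45 02/11/2006] 2774A3141A1FFEBA09C87463C84B2FAF
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe --a---- 2923520 bytes [08:47 02/11/2006] [09:45 02/11/2006] FD8C53FB002217F6F888BCF6F5D7084D
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe --a---- 2923520 bytes [23:50 19/10/2007] [23:50 19/10/2007] 6D06CD98D954FE87FB2DB8108793B399
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe --a---- 2923520 bytes [12:26 10/12/2008] [06:20 29/10/2008] 37440D09DEAE0B672A04DCCF7ABF06BE
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe --a---- 2926592 bytes [13:45 24/09/2009] [06:27 11/04/2009] D07D4C3038F3578FFCE1C0237F2A1253
"""

# One filefind entry: path, attribute flags, size, [modified] [created], MD5.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>-[-a-z]+) (?P<size>\d+) bytes "
    r"\[(?P<modified>[^\]]+)\] \[(?P<created>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)

class Entry(NamedTuple):
    path: str
    size: int
    modified: datetime
    md5: str

def parse_filefind(text: str) -> List[Entry]:
    """Parse one entry per line; headers, '-= EOF =-' and wrapped fragments are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]),
                                 datetime.strptime(m["modified"], "%H:%M %d/%m/%Y"),
                                 m["md5"].upper()))
    return entries

def check_live_copies(entries: List[Entry]) -> Dict[str, List[str]]:
    """For each file outside winsxs, list why it is suspicious against the
    component-store copies of the same name; an empty list means it matches one."""
    sxs = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    known_hashes = {e.md5 for e in sxs}
    newest_sxs = max((e.modified for e in sxs), default=None)
    findings = {}
    for e in entries:
        if e in sxs:
            continue
        reasons = []
        if e.md5 not in known_hashes:
            reasons.append("MD5 matches no component-store copy")
        if newest_sxs and e.modified > newest_sxs:
            reasons.append("modified after every component-store copy (%s)" % e.modified.date())
        findings[e.path] = reasons
    return findings
```

Run `check_live_copies(parse_filefind(SYSTEMLOOK_FILEFIND))` to get the findings keyed by live path; a match to a known hash only rules out this kind of in-place modification, not a binary that was never in the component store.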
  12. Seemed to be a lot quicker than last time; still some IE pop-ups though, and explorer.exe seems to still be infected.
      ComboFix 10-11-18.01 - derek 11/18/2010 23:22:46.3.2 - x86 NETWORK Microsoft
  13. No errors from the command line it said "File copied"
  14. I keep getting "the syntax of the command is incorrect" when trying to rename.
  15. I have it on a USB stick and on the infected PC's Desktop
  16. I managed to extract a copy of explorer.exe from the Vista DVD, how do I get the file to copy over to the infected PC? Obviously explorer.exe is always in use? Do I need to use the command line?
  17. I inserted the disc, and I can't see a Windows folder; there are 5 folders: Boot, Efi, Sources, Support, Upgrade.
  18. No, it's Windows 7; the infected one is Vista. I do have a Vista DVD, but it's from a different computer. Would that work?
  19. I do have it, but no idea where, could be in storage somewhere.
  20. AFT Cleaner completed fine. ComboFix completed its scan, then it restarted the computer; on restart 12 IE browsers opened along with ComboFix, causing the computer to lock up for 15 mins, then the ComboFix log popped up:
      ComboFix 10-11-18.01 - derek 11/18/2010 21:02:44.2.2 - x86 NETWORK Microsoft
  21. No, they were pasted from the logfile. Won't run in normal mode - IE opens multiple times, then multiple windows warnings - "visual Assist X has stopped working" Desktop eventually locks up and I have to power off.
  22. Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:16:23, on 11/18/2010
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18975)
      Boot mode: Safe mode with network support
      Running processes:
      C:\Windows\Explorer.EXE
      C:\Users\derek\Desktop\Hijackhis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://derekholyhead.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MT3707
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
      O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Open image in PhotoME... - C:\Program Files\PhotoME\iemenuext.html
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
      O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\\DownloadPDF.exe
      O15 - Trusted Zone: http://list1.111222.cn
      O15 - Trusted Zone: http://kan.pps.tv
      O15 - Trusted Zone: http://list1.pps.tv
      O15 - Trusted Zone: http://tvguide.pps.tv
      O15 - Trusted Zone: http://vodguide.pps.tv
      O15 - Trusted Zone: http://list1.ppstream.com
      O15 - Trusted Zone: http://notice.ppstream.com
      O15 - Trusted Zone: http://xml1.ppstream.com
      O15 - Trusted Zone: http://xml2.ppstream.com
      O15 - Trusted Zone: http://xml3.ppstream.com
      O15 - Trusted Zone: http://list1.ppstream.net
      O15 - Trusted Zone: http://list1.ppstv.com
      O15 - Trusted Zone: http://list1.ppstv.net
      O15 - ESC Trusted Zone: http://list1.111222.cn
      O15 - ESC Trusted Zone: http://kan.pps.tv
      O15 - ESC Trusted Zone: http://list1.pps.tv
      O15 - ESC Trusted Zone: http://tvguide.pps.tv
      O15 - ESC Trusted Zone: http://vodguide.pps.tv
      O15 - ESC Trusted Zone: http://list1.ppstream.com
      O15 - ESC Trusted Zone: http://notice.ppstream.com
      O15 - ESC Trusted Zone: http://xml1.ppstream.com
      O15 - ESC Trusted Zone: http://xml2.ppstream.com
      O15 - ESC Trusted Zone: http://xml3.ppstream.com
      O15 - ESC Trusted Zone: http://list1.ppstream.net
      O15 - ESC Trusted Zone: http://list1.ppstv.com
      O15 - ESC Trusted Zone: http://list1.ppstv.net
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
      O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.com/download/apps/LPInstaller.CAB
      O16 - DPF: {F84E0B64-1E86-4640-8094-5B38CEB28C1E} (SkyFex Client Object) - https://skyfex.com/download/SkyFexClient.cab
      O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/legacy/ractrl.cab?lmi=100
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - (no file)
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
      O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
      O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
      O23 - Service: Wireless AutoSwitch - Unknown owner - C:\Program.exe (file missing)
      --
      End of file - 8745 bytes
  23. OK, I have done everything - "Use a proxy server for your LAN" was already unchecked in IE. Internet not working in IE after restart; internet is working in Firefox. MBAM updated. Still random IE pop-ups and "ActiveX stopped working" warnings.