[skookum]

Nope, i open AppData all is well, double click Local and Windows Explorer vanishes.

aswMBR wont let me scan same error as before, Only options it gives me is FixMBR/Save Log/Exit.

[Advertisements]

OK. Try this:

Go here and download Mischel's MBR Backup to your desktop, then click MBRBackup.exe to start the utility.

Save MBR:

Click Save MBR, and save that file to your desktop. Then close MBR Backup.

(The file is always pre-named MBR_year_month_day.bin - MBR_2011_05_27.bin for example)

Zip that file and attach it in your next reply.

How to add an attachment to a new topic or reply

[Render]

OK. Try this:

Go here and download Mischel's MBR Backup to your desktop, then click MBRBackup.exe to start the utility.

Save MBR:

Click Save MBR, and save that file to your desktop. Then close MBR Backup.

(The file is always pre-named MBR_year_month_day.bin - MBR_2011_05_27.bin for example)

Zip that file and attach it in your next reply.

How to add an attachment to a new topic or reply

[skookum]

MBR record problem,"Error You aren't permitted to upload this kind of file" wont let me attatch my 7zip or rar file, my winzip evaluation period has expired.

[Render]

Just rename extension from 7z to txt.

BTW, with 7-zip you can also compress files to zip.

And from Win XP SP3 and later just right-click on file then Send to and then Compressed (zipped) folder.

[skookum]

Silly me.

Attached Files

•  MBR_2011-05-31.zip   609bytes   137 downloads

[Render]

MBR seems clean and that's good.

Let's perform general scan now. That scan can take several hours so I recommend you to do it just before you go to sleep.

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

• On the first tab select all elements down to Computer (included) and then select start scan
• Once it has finished select report and post that.

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan

• Select the Manual Disinfection tab
• Press the Gather System Information button
• Once done Open the last report saved folder then attach the zip file to your next post zip
• The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

How to add an attachment to a new topic or reply

[skookum]

Scan completed.

Disinfection file attached.  avptool_sysinfo.zip   21.57KB   140 downloads

[Render]

OK. How about first part of the scan? Came out clean?

Do the following please:

Go to Start > All Programs > Accessories
Right click Command Prompt and select Run as administrator
When the prompt opens type the following bolded text and press enter

sfc /scannow (Note: There is a space between sfc and /scannow)

On completion reboot

Let me know then if there is any improvement

[skookum]

I'm unsure about the first scan. When i woke and looked, kaspersky had finished and there was no prompt to do anything.

sfc /scan now came up all clear.

Vista now boots in a 1/3 the time it used to.

Browsing to the AppData folder seemed to be good but after 10 or so seconds Explorer vanished again.

I notice in the Kaspersky sysinfo report


DRIVERS
C:\Program Files\Virgin Media\Security\BitDefender\profos.sys
C:\Windows\system32\Drivers\RAMDiskVE.sys
C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys

Virgin Media security & RAMDisk i uninstalled weeks ago.


Also i notice in

Windows Explorer extension modulesWindows Explorer extension modules

C:\PROGRA~1\E-Press\ONE\CONTEX~1.DLL (EasyZip)
That bloody program has been a thorn in my side for over two years now, can we get it exterminated please.

Haali Matroska Thumbnail Exctractor (i never knowingly installed it)


Using other explorer software i notice in the AppData folder, there are 3 files not in a folder, they never used to be there i think.

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
GDIPFONTCACHEV1.DAT
IconCache.db

[Render]

OK. You are now using Avast AV so we will now remove BitDefender's, Ramdisk, EasyZip and Haali Matroska files.

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
GDIPFONTCACHEV1.DAT
IconCache.db

Leave these files. They are all legit.

Using other explorer software i notice in the ...

What is that "other explorer software"?

Please follow the steps below:

Step 1

• Re-run AVPTool
• Select the Manual Disinfection tab
• Where it states Step 3 paste in the following disinfection script and press execute
  
  

  begin
  SetAVZPMStatus(True);
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
   DelCLSID('{0561EC90-CE54-4f0c-9C55-E226110A740C}');
   DelCLSID('{5574006C-28F5-4a65-A28C-74DE6BFBE0BB}');
   DelCLSID('{327669A0-59A7-4be9-B99E-1C9F3A57611A}');
   DeleteFile('C:\Program Files\Virgin Media\Security\BitDefender\profos.sys');
   BC_DeleteFile('C:\Program Files\Virgin Media\Security\BitDefender\profos.sys');
   DeleteFile('C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys');
   BC_DeleteFile('C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys');
   DeleteFile('C:\Windows\system32\Drivers\RAMDiskVE.sys');
   BC_DeleteFile('C:\Windows\system32\Drivers\RAMDiskVE.sys');
   DeleteFile('C:\PROGRA~1\E-Press\ONE\CONTEX~1.DLL');
   BC_DeleteFile('C:\PROGRA~1\E-Press\ONE\CONTEX~1.DLL');
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
  end.

• Your system will reboot on completion, if it does not please do so yourself
• On completion please run another analysis scan and attach the zip file

Step 2

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

• Open Malwarebytes' Anti-Malware.
• Select the Update tab.
• Click on Check for Updates button.
• Click on OK.
• Select the Scanner tab.
• Select Perform quick scan, then click on Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

[skookum]

After the disinfection computer rebooted.

Now all the icons on my desktop vanish for 2 second the reappear then vanaish again, stuck in a loop.

ctrl/alt/del task manager shows procsses Explorer using 80%CPU.

I'm on the laptop as i cant do anything on the desktop pc now.

Rebooting under safe mode same result.

Edited by skookum, 31 May 2011 - 11:01 AM.

[Render]

OK. Try to boot into Safe mode with networking and see if there is same situation.

To restart the computer in safe mode

Reboot then continually press F8 as the system starts booting
Once a menu appears select safe mode

[skookum]

My desktop pc is dual boot with ubuntu, when i booted ubuntu it said on boot up "the disk contains an unclean file system (0,0)" windows was not shut down correctly.
So i rebooted f8 selected last good configuration (or words like that) now its doing a chkdsk finding all sorts of crap.
Rebooted and BSOD. Ah crap.

Edited by skookum, 31 May 2011 - 11:19 AM.

[skookum]

Rebooted safe mode with networking, seemed good for 30 seconds, now icons vanish loop again.

[skookum]

Hotkey on keyboard to open browser (firefox) works, i'm using it to send this post.