Windows 7 Forums



Windows 7: Recent virus, lost Libraries, Thunderbird & Catalyst CC won't open.

22 Feb 2013   #21
cottonball

Windows 7 Home Premium
 
 

VistaKing,


FRST can remove those entries using a fixlist.txt run from the System Recovery Options/Command Prompt.

If Malwarebytes picks them up, that is fine also.

In any event, we can run FRST once again later...


23 Feb 2013   #22
viciii3

Windows 7 home premium 32bit
 
 

RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : mom [Admin rights]
Mode : Remove -- Date : 02/23/2013 10:58:08
| ARK || FAK || MBR |
Bad processes : 1
[SUSP PATH] zuqeanypyqyb.exe -- C:\Users\mom\zuqeanypyqyb.exe [-] -> KILLED [TermProc]
Registry Entries : 4
[RUN][SUSP PATH] HKCU\[...]\Run : zuqeanypyqyb (C:\Users\mom\zuqeanypyqyb.exe) [-] -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : KB01192703.exe ("C:\Users\mom\AppData\Roaming\KB01192703.exe") [x] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
Particular Files / Folders:
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\L --> REMOVED
Driver : [LOADED]
Infection : ZeroAccess
HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

MBR Check:
+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3]_D_02232013_02d1058.txt >>
RKreport[1]_S_02222013_02d1158.txt ; RKreport[2]_S_02232013_02d1056.txt ; RKreport[3]_D_02232013_02d1058.txt
23 Feb 2013   #23
cottonball

Windows 7 Home Premium
 
 

Good job, viciii3!

Please run RogueKiller once again, and this time do a Scan, like in Post #8
and post the RKreport (Mode: Scan) in your reply.



Also, let's use unhide.exe to see if we can reveal Files and Folders hidden by the infection...

Download unhide.exe:
http://download.bleepingcomputer.com/grinler/unhide.exe
Save to the Desktop.

Double-click on the Unhide icon to run the program.
(Note: this program does not unhide files and folders in removable drives)


When done, the program displays an alert stating that your files are restored.

Reboot your computer for the settings to go into effect.

Are your folders visible again?

23 Feb 2013   #24
viciii3

Windows 7 home premium 32bit
 
 

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : Download RogueKiller (Official website)
Blog : tigzy-RK
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : mom [Admin rights]
Mode : Scan -- Date : 02/23/2013 17:10:32
| ARK || FAK || MBR |
Bad processes : 0
Registry Entries : 0
Particular Files / Folders:
Driver : [LOADED]
HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

MBR Check:
+++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
--- User ---
[MBR] ecb72268cfc86f4eba0f32634df3dadc
[BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[4]_S_02232013_02d1710.txt >>
RKreport[3]_D_02232013_02d1058.txt ; RKreport[4]_S_02232013_02d1710.txt
23 Feb 2013   #25
viciii3

Windows 7 home premium 32bit
 
 

Ladies and gentlemen...all the missing files are restored, the CCC error message is gone and we appear to be back!! Very nice work. My wife and I (she says you and I are "Awesome!"...I say it's all you) appreciate the help and patience you have given. I will wait to hear from you before marking this thread as solved...just in case you have something more you wish me to check. Note that I deleted Thunderbird entirely and will do a clean install of it later...nothing much was lost with that deletion.

Cheers!

Vic
23 Feb 2013   #26
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Well done! Now give that dog a bone - click on the scales icon on one of Cottontail's posts
23 Feb 2013   #27
cottonball

Windows 7 Home Premium
 
 

Great news viciii3, for you and the Mrs.!!

As for the "bone", this was a team effort. VistaKing, Slartybart, and shawn77, all contributed, and all deserve a "bone"!

However, don't want you to hurry off yet...

There were some nasties on that machine, and we want to make sure they are gone.

Let's go back to the USB flash drive that has FRST...

Please plug the flash drive into the infected computer.

>>> Restart.

As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Boot Options menu appears.

Use the arrow keys to select the Repair your computer menu item.

Select your language settings, and click: Next
Select your User account and click: OK (If you did not set a password, leave blank.)

On the System Recovery Options menu, select: Command Prompt

In the Command window, at the blinking cursor type notepad and press: Enter
In Notepad, under the File menu select: Open

Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
Close out of Notepad.

Click the Command window
Type x:\frst.exe, and press: Enter
>>Note: Replace the drive letter x with the drive letter of your flash drive!

The tool starts and prepares to run. Follow the prompts.
Click Yes to the disclaimer.

Press: Scan

When done, the program saves the FRST.txt report, on the flash drive.
Click the Command prompt window, and type exit, and press: Enter
Back at the System Recovery Options, press: Restart

When the computer boots back into Windows, please provide the FRST.txt in your reply.
It is located in the USB flash drive.
23 Feb 2013   #28
viciii3

Windows 7 home premium 32bit
 
 

I will get this done in the morning, cottonball.

As for bones...all you "dogs" have a fresh one to gnaw on.
23 Feb 2013   #29
cottonball

Windows 7 Home Premium
 
 

Thank you!!

We are all glad to help.


Tomorrow is fine...do not rush.

Will probably not be here until late afternoon. Going out for a late lunch.
24 Feb 2013   #30
Slartybart

x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
 
 

Woof!

<('.')> ...............

Thanks viciiiiiiiiiiiii,

Bill