Recent virus, lost Libraries, Thunderbird & Catalyst CC won't open.

Page 2 of 4

  1. Posts : 143
    32 bit
       #11

    Grinler's UNHIDE tool should restore them and resolve the Catalyst error, but before that, follow cottonball's suggestion to remove the infections.


  2. Posts : 2,470
    Windows 7 Home Premium
       #12

    Slartybart and shawn77,

    Thanks for the info!!

    That is exactly where we are headed: get rid of the malware, and then use Grinler's unhide.exe.

    RogueKiller, and in particular, FRST, should identify the Rootkit and anything else that is lurking in that system.

    Trying to reveal the files and folders now is probably an exercise in futility...


  3. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #13

    Files should be in %temp%\smtmp\1,2,3,4


    Files in %Temp%\smtmp\1 will go to C:\ProgramData\Microsoft\Windows\Start Menu

    Files in %Temp%\smtmp\2 will go to C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

    Files in %Temp%\smtmp\3 will go to C:\Users\<your login name here>\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar

    Files in %Temp%\smtmp\4 will go to C:\Users\Public\Desktop

    Save the smtmp folder to a flash drive. Then remove the virus. Don't run any temp file remover programs like CCleaner.
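The backup-then-restore procedure from post #13, as an added PowerShell example that is not part of the original thread. The parameter names and the `E:\` flash-drive letter are assumptions; the four destination folders are the ones listed in the post.

```powershell
# Added example, not from the thread. Without -Restore: back up the smtmp folder
# and report what it holds. With -Restore: copy the items back to their folders.
param(
    [string]$SmtmpPath  = (Join-Path $env:TEMP 'smtmp'),
    [string]$BackupRoot = 'E:\',   # assumption: the flash drive is mounted as E:
    [switch]$Restore
)

if (-not (Test-Path -LiteralPath $SmtmpPath)) {
    throw "No smtmp folder found at $SmtmpPath"
}

if (-not $Restore) {
    # Copy the whole folder to a new timestamped directory before any cleanup runs.
    $backup = Join-Path $BackupRoot ('smtmp_{0:yyyyMMdd_HHmmss}' -f (Get-Date))
    Copy-Item -LiteralPath $SmtmpPath -Destination $backup -Recurse -Force
    Write-Output "Backed up to $backup"
}

# Subfolder number -> destination, as listed in the post.
$quickLaunch = Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'
$map = @{
    '1' = (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu')
    '2' = $quickLaunch
    '3' = (Join-Path $quickLaunch 'User Pinned\TaskBar')
    '4' = (Join-Path $env:PUBLIC 'Desktop')
}

foreach ($n in '1', '2', '3', '4') {
    $from = Join-Path $SmtmpPath $n
    if (-not (Test-Path -LiteralPath $from)) { continue }
    # -Force includes hidden items in both the listing and the copy.
    $files = @(Get-ChildItem -LiteralPath $from -Recurse -Force |
               Where-Object { -not $_.PSIsContainer })
    Write-Output ('smtmp\{0}: {1} file(s) -> {2}' -f $n, $files.Count, $map[$n])
    if ($Restore) {
        New-Item -ItemType Directory -Path $map[$n] -Force | Out-Null
        Get-ChildItem -LiteralPath $from -Force |
            Copy-Item -Destination $map[$n] -Recurse -Force
    }
}
```

Run it without switches before cleanup; once the infection is removed, run it again from an elevated session in the same user profile with `-Restore` and `-SmtmpPath` pointing at the flash-drive copy.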


  4. Posts : 2,470
    Windows 7 Home Premium
       #14

    Thanks for the info, VistaKing!

    Y'all making this easier, keep 'em coming!


  5. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #15

    No problem, Cottonball.


  6. Posts : 12
    Windows 7 home premium 32bit
    Thread Starter
       #16

    Here is the text of the Rogue Killer report (hope I did this correctly).

    RogueKiller V8.5.1 [Feb 21 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : RogueKiller - Geeks to Go Forums
    Website : Download RogueKiller (Official website)
    Blog : tigzy-RK
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : mom [Admin rights]
    Mode : Scan -- Date : 02/22/2013 11:58:29
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 6 ¤¤¤
    [SUSP PATH] zuqeanypyqyb.exe -- C:\Users\mom\zuqeanypyqyb.exe [-] -> KILLED [TermProc]
    [SUSP PATH] exp7E33.tmp.exe -- C:\Users\mom\AppData\Local\Temp\exp7E33.tmp.exe [-] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]
    [SVCHOST] svchost.exe -- C:\Windows\System32\svchost.exe [x] -> KILLED [TermProc]
    ¤¤¤ Registry Entries : 6 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : KB01192703.exe ("C:\Users\mom\AppData\Roaming\KB01192703.exe") [-] -> FOUND
    [RUN][SUSP PATH] HKCU\[...]\Run : zuqeanypyqyb (C:\Users\mom\zuqeanypyqyb.exe) [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-4093826796-1630646369-247549289-1000[...]\Run : KB01192703.exe ("C:\Users\mom\AppData\Roaming\KB01192703.exe") [-] -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-4093826796-1630646369-247549289-1000[...]\Run : zuqeanypyqyb (C:\Users\mom\zuqeanypyqyb.exe) [-] -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\n [-] --> FOUND
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\@ [-] --> FOUND
    [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\U --> FOUND
    [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-4093826796-1630646369-247549289-1000\$32bf8f5f13097800106f306c78257dcb\L --> FOUND
    ¤¤¤ Driver : [LOADED] ¤¤¤
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\windows\system32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK2555GSX ATA Device +++++
    --- User ---
    [MBR] ecb72268cfc86f4eba0f32634df3dadc
    [BSP] 115bdc51753a8a8a697d04b3e5af154d : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228693 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 471437312 | Size: 8281 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[1]_S_02222013_02d1158.txt >>


  7. Posts : 12
    Windows 7 home premium 32bit
    Thread Starter
       #17

    I am not allowed to post the text from the FRST.txt file...it is too many characters? I can upload the file by FTP to my page, if that will work?


  8. Posts : 12
    Windows 7 home premium 32bit
    Thread Starter
       #18

    The FRST.txt file is here:

    http://users.frii.com/viciii3/FRST.txt


  9. Posts : 2,470
    Windows 7 Home Premium
       #19

    Please run RogueKiller once again:

    Close all windows and browsers
    Right-click RogueKiller and select 'Run as Administrator'

    Wait until the Prescan finishes
    The Status box shows PreScan Finished
    Press: Scan

    When done, on the right, click: Delete (or Remove)
    Wait until the Status box shows: Deleting Finished
    Click on Report and provide the content of the new Rkreport (Mode: Remove) in your reply.


  10. Posts : 6,830
    Windows 7 Ultimate 32-Bit & Windows 7 Ultimate 64-Bit
       #20

    Looking at the FRST.txt, I see that you have adware by the name of Conduit. Also, a random numbers.exe is running, which is located inside your registry.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run : KB01192703.exe
    C:\Users\mom\AppData\Roaming\KB01192703.exe

    Download Malwarebytes by clicking on this link, Malwarebytes Anti-Malware - CNET Download.com, and click on Download Now. Install the program, update the definitions, and click on Start Trial. On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer for infections.

    ** Don't worry, it will remove whatever it finds even though it's a trial version.
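A way to re-check the per-user Run key that the RogueKiller report and post #20 point at, as an added PowerShell example that is not part of the original thread. It flags values whose target sits under the user profile, which is where both reported entries lived; the output column names are this example's own.

```powershell
# Added example, not from the thread: triage the current user's Run key.
$runKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$profileRoot = $env:USERPROFILE

$key  = Get-Item -LiteralPath $runKey
$rows = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)

    # Extract the executable: a quoted path, else the text up to the first ".exe".
    if     ($command -match '^\s*"([^"]+)"')  { $exe = $Matches[1] }
    elseif ($command -match '^\s*(.+?\.exe)') { $exe = $Matches[1] }
    else                                       { $exe = $command.Trim() }
    if (-not $exe) { continue }

    # A value can outlive its file once a removal tool has deleted the binary.
    $signature = 'FileMissing'
    if (Test-Path -LiteralPath $exe) {
        $signature = (Get-AuthenticodeSignature -FilePath $exe).Status
    }

    New-Object PSObject -Property @{
        Name      = $name
        Target    = $exe
        InProfile = $exe.StartsWith($profileRoot, [StringComparison]::OrdinalIgnoreCase)
        Signature = $signature
    }
}

$rows | Select-Object Name, InProfile, Signature, Target | Format-Table -AutoSize
```

Legitimate software also starts from the profile, so a row with `InProfile` set is a candidate for review rather than a verdict; unsigned or missing targets with random-looking names are the ones to compare against the scanner reports.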


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd