Files still hidden after smart hdd removal and unhide.exe

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Hi and welcome to the MALWARE TIPS forums!

I'm Jack and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Before we start:
Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Step 1 : Download and run Combofix
 
Download ComboFix from one of the following locations: 
Link 1  
Link 2  
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop  
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here  
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks


  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programs being marked for deletion, then reboot; that will cure it.


Step 2 : Download and run OTL
You've already downloaded OTL (Download link is here) so just double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Under the Custom Scan box paste this in:

Code:
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please attach them in your next reply.

Questions:
1. If you go to e.g. C:\Program Files (x86) and open a folder, you aren't able to see its contents?
 

bigdaddydawg

New Member
Thread author
May 30, 2012
9
Thanks Jack. I really appreciate it. If I go to C:\Program Files, I am able to see some files but others are missing, such as Microsoft Word. I don't think the Extras file is changed, but I attached it anyway.
 

Attachments

  • combofix log.txt (13.6 KB)
  • OTL.Txt (93.8 KB)
  • Extras.Txt (55.2 KB)

Jack

Sorry for the delay bigdaddydawg, I was gone on a short vacation. :)
How is your PC running right now? Any problems?
I'll take a look at your logs and, if needed, I'll provide a fix. In the meantime, let's try to run unhide.exe again.

  1. Download Unhide.exe - http://download.bleepingcomputer.com/grinler/unhide.exe
  2. Please let the program run. When it completes its task it will generate a log; then restart your computer.
  3. Post the log in your next reply.
 

bigdaddydawg

No need for you to apologize for any delay. I really am grateful for your help.
I ran Unhide again but am still getting several folders that are saying they are empty. Here is the log.


Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 06/06/2012 11:11:53 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 375418 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 153 files processed.

The C:\Users\Johnny\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingcomputer.com/forums/topic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.

Restarting Explorer.exe in order to apply changes.

Program finished at: 06/06/2012 11:17:32 PM
Execution time: 0 hours(s), 5 minute(s), and 38 seconds(s)
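The Unhide log above shows the two things the tool does against this family of rogue: it walks every file on each drive to make hidden files visible again, and it inspects five Explorer policy keys for restrictions. The following PowerShell script is an added example written for this thread; it is not code from Unhide.exe, RogueKiller, or the thread's author. It audits a folder tree for items still carrying the Hidden attribute (noting whether System is set as well, which is what makes a folder look empty in Explorer), lists the well-known policy values under those same five keys, and clears the attributes only when run with -Fix. The $Root default, the skip lists, and the policy value names are assumptions of this example rather than details taken from the log.

```powershell
# Added example for this thread; not code from Unhide.exe, RogueKiller, or the author.
# Audits a folder tree for items carrying the Hidden attribute (the attribute a
# FakeHDD-style rogue sets on user data so folders look empty), notes whether
# System is set too, and lists the Explorer policy values under the registry keys
# Unhide's log shows it checking. Report-only unless run with -Fix.
# Assumptions: $Root defaults to the current user's profile; the skip lists and the
# policy value names are standard Windows items chosen for this example, not taken
# from the log.
param(
    [string]$Root = $env:USERPROFILE,
    [switch]$Fix
)

$Hidden  = [int][IO.FileAttributes]::Hidden
$System  = [int][IO.FileAttributes]::System
$Reparse = [int][IO.FileAttributes]::ReparsePoint

# Items Windows keeps hidden on purpose inside a profile; never report or touch these.
$SkipNames    = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.dat.log', 'ntuser.ini')
$SkipPrefixes = @($env:APPDATA, $env:LOCALAPPDATA)   # AppData is legitimately hidden

function Find-HiddenItems {
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attr = [int]$_.Attributes
            $full = $_.FullName
            (($attr -band $Hidden) -ne 0) -and
            (($attr -band $Reparse) -eq 0) -and           # skip profile junctions such as "My Documents"
            ($SkipNames -notcontains $_.Name.ToLowerInvariant()) -and
            (@($SkipPrefixes | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }).Count -eq 0)
        }
}

function Clear-HiddenSystem {
    param([IO.FileSystemInfo]$Item)
    # Clear only Hidden and System; leave Archive, ReadOnly, Directory, etc. untouched.
    $Item.Attributes = [IO.FileAttributes]([int]$Item.Attributes -band (-bnot ($Hidden -bor $System)))
}

# The five keys from the Unhide log, with well-known policy values that rogues set
# to lock the user out of Explorer features (non-zero = restriction in force).
# Under Explorer\Advanced, Hidden=2 is simply the default "don't show hidden files".
$PolicyChecks = [ordered]@{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'      = @('NoDesktop', 'NoRun', 'NoFind', 'NoFolderOptions', 'NoControlPanel')
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer'      = @('NoDesktop', 'NoRun', 'NoFind', 'NoFolderOptions', 'NoControlPanel')
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System'        = @('DisableTaskMgr', 'DisableRegistryTools')
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop' = @('NoChangingWallPaper')
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'      = @('Hidden', 'ShowSuperHidden')
}

function Get-ExplorerPolicyState {
    foreach ($key in $PolicyChecks.Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $PolicyChecks[$key]) {
            $value = $props.$name
            if ($null -ne $value) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

$items = @(Find-HiddenItems -Path $Root)
Write-Host ("{0} hidden item(s) found under {1}" -f $items.Count, $Root)
$items |
    Select-Object FullName, @{ Name = 'SystemToo'; Expression = { ([int]$_.Attributes -band $System) -ne 0 } } |
    Format-Table -AutoSize

Write-Host "Explorer policy values currently set:"
Get-ExplorerPolicyState | Format-Table -AutoSize

if ($Fix) {
    foreach ($item in $items) { Clear-HiddenSystem -Item $item }
    Write-Host ("Cleared Hidden/System on {0} item(s); restart Explorer or log off to refresh folder views." -f $items.Count)
}
```

Run it first without -Fix from an elevated PowerShell prompt and read the report: a large count of user documents flagged with SystemToo = True is the signature of this kind of rogue, while a handful of Hidden-only items is normal. Only then rerun with -Fix. Like Unhide, this only restores attributes; it does not recover Start Menu shortcuts, which is the separate smtmp problem the log points to.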
 

Jack

  1. Right click on your Windows Start menu and select Properties.
  2. Next put a check mark on:
     Store and display recently opened programs in the start menu
     Store and display recently opened items in the start menu and taskbar
  3. Click on Customize and click on Use default settings at the bottom.
  4. Browse to
     Code:
     C:\ProgramData\Microsoft\Windows
  5. Right click on the Start Menu folder and click on Restore previous versions.
  6. Now select a snapshot before you were infected by the rogue, and click on Restore.

Do you have any recent System restore points before the infection?
 

bigdaddydawg

Awesome! That worked for the start menu. However, folders are still giving me the "Folder is Empty" message. I can still see the contents of some of the folders by searching for it. Any suggestions?

j
 

Jack

So as far as I understand, the problem right now is that when you go to your Program Files folders ... some of them are displaying the Folder is Empty message? Right?
How many and which folders are affected by this problem?
 

bigdaddydawg

Actually, the problem is with my personal data files: documents, pics, etc. The folders are still there, but when I explore a folder it is showing that all of my files are gone, hence "folder is empty". However, if I know the name of a file I can search and it finds it.
 

Jack

Administrator
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Ok, try this:

1. Go to a folder where you see the 'Folder is empty' message, right click it, and then select 'Properties'.
2. In the window that opens, select the 'Previous versions' tab, select a snapshot before you were infected by the rogue, and then click on Restore.
 

Attachments

  • 1.png (49.5 KB)
  • 2.png (21.8 KB)

bigdaddydawg

Unfortunately, the restored versions available were all after the infection date. I am kinda feeling that we are running out of options. Time to throw in the towel?
 

Jack

Well,that's unlucky ... :p

Download Windows Repair by Tweaking.com (http://www.tweaking.com/content/page/windows_repair_all_in_one.html) to your desktop. Use the direct download link for the Portable version of Windows Repair by Tweaking.com.
  1. Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  2. Now open this folder and double-click Repair_Windows.exe.
  3. Click the Start Repairs tab on the far right.
  4. Click the Start button (bottom right).
     Note: When asked if you would like to create a restore point, it is recommended, just in case something does not go as planned.
  5. Click Unselect All.
  6. Put a checkmark in the following items:
     • Unhide Non System Files
     • Remove Policies Set By Infections
     Note: Leave everything else unchecked.
  7. Put a checkmark in Restart System When Finished.
  8. Now click the Start button (bottom right).
 

Jack

Run a scan with RogueKiller
  1. Please download the latest official version of RogueKiller.
     RogueKiller Download Link: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe (This link will automatically download RogueKiller on your computer.)
  2. Double click on RogueKiller.exe to start this utility and then wait for the Prescan to complete. This should take only a few seconds, and then you can click the Start button to perform a system scan.
  3. After the scan has completed, press the Delete button to remove any malicious registry keys.
  4. Next we will need to restore your shortcuts, so click on the ShortcutsFix button and allow the program to run.

The report has been created on the desktop. In your next reply please post:

All RKreport.txt text files located on your desktop.
 

bigdaddydawg

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Johnny [Admin rights]
Mode: Scan -- Date: 07/15/2012 17:44:53

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] LULnchr.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe -> KILLED [TermProc]
[SUSP PATH] LogitechUpdate.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe -> KILLED [TermProc]
[SUSP PATH] 20.0.1132.57_19.0.1084.56_chrome_updater.exe -- C:\Users\Johnny\AppData\Local\Google\Update\Install\{A9DE6921-8874-4C73-B2DC-5EE7386EDC25}\20.0.1132.57_19.0.1084.56_chrome_updater.exe -> KILLED [TermProc]
[SUSP PATH] setup.exe -- C:\Users\Johnny\AppData\Local\Temp\CR_5D4D2.tmp\setup.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] 5b59486f2e431819d11fc32fa3a34213
[BSP] 346b64ba3606b9c23b53a66f6abcac30 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Johnny [Admin rights]
Mode: Remove -- Date: 07/15/2012 17:45:17

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] LULnchr.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe -> KILLED [TermProc]
[SUSP PATH] LogitechUpdate.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe -> KILLED [TermProc]
[SUSP PATH] 20.0.1132.57_19.0.1084.56_chrome_updater.exe -- C:\Users\Johnny\AppData\Local\Google\Update\Install\{A9DE6921-8874-4C73-B2DC-5EE7386EDC25}\20.0.1132.57_19.0.1084.56_chrome_updater.exe -> KILLED [TermProc]
[SUSP PATH] setup.exe -- C:\Users\Johnny\AppData\Local\Temp\CR_5D4D2.tmp\setup.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-75A7B0 ATA Device +++++
--- User ---
[MBR] 5b59486f2e431819d11fc32fa3a34213
[BSP] 346b64ba3606b9c23b53a66f6abcac30 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 129024 | Size: 15360 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt
 

bigdaddydawg

RogueKiller V7.6.3 [07/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Johnny [Admin rights]
Mode: Shortcuts HJfix -- Date: 07/15/2012 17:46:36

¤¤¤ Bad processes: 4 ¤¤¤
[SUSP PATH] LULnchr.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LULnchr.exe -> KILLED [TermProc]
[SUSP PATH] LogitechUpdate.exe -- C:\Users\Johnny\AppData\Local\Logitech® Webcam Software\Logishrd\LU2.0\LogitechUpdate.exe -> KILLED [TermProc]
[SUSP PATH] 20.0.1132.57_19.0.1084.56_chrome_updater.exe -- C:\Users\Johnny\AppData\Local\Google\Update\Install\{A9DE6921-8874-4C73-B2DC-5EE7386EDC25}\20.0.1132.57_19.0.1084.56_chrome_updater.exe -> KILLED [TermProc]
[SUSP PATH] setup.exe -- C:\Users\Johnny\AppData\Local\Temp\CR_5D4D2.tmp\setup.exe -> KILLED [TermProc]

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 26 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 122 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[8].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
 

Jack

STEP 1. Run a scan with Kaspersky Virus Removal Tool
Click here (http://www.kaspersky.com/antivirus-removal-tool?form=1) to download the Kaspersky Virus Removal Tool.
  1. Save it to your desktop.
  2. Double click the setup file to run it.
  3. Follow the onscreen prompts until it is installed.
  4. Click the Options button (the 'Gear' icon), then make sure only the following are ticked:
     • System Memory
     • Hidden startup objects
     • Disk boot sectors
     • Local Disk (C:)
     • Also any other (removable) drives that you may have
  5. Then click on Actions on the left hand side.
  6. Click Select Action, then make sure both Disinfect and Delete if disinfection fails are ticked.
  7. Click on Automatic Scan.
  8. Now click the Start Scanning button to run the scan.
  9. After the scan is complete, click the reports button ('Paper icon', next to the 'Gear' icon) on the right hand side.
  10. Click Detected threats on the left.
  11. Now click the Save button, and save it as kaslog.txt to your Desktop.
  12. Please attach kaslog.txt in your next reply.

STEP 2. Run a scan with ESET Online Scanner
  1. Download the ESET Online Scanner utility.
     ESET Online Scanner Download Link: http://download.eset.com/special/eos/esetsmartinstaller_enu.exe (This link will automatically download ESET Online Scanner on your computer.)
  2. Double click on the Eset installer program (esetsmartinstaller_enu.exe).
  3. Check Yes, I accept the Terms of Use.
  4. Click the Start button.
  5. Check Scan archives.
  6. Push the Start button.
  7. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  8. When the scan completes, push List of found threats.
  9. Push Export to Text file and save the file to your desktop using a unique name, such as ESET Scan. Include the contents of this report in your next reply. Note: when ESET doesn't find any threats, no report will be created.
  10. Push the Back button.
  11. Push Finish.

What's next?

Attach the following logs to your post (You can find here details on how to use the Attachment System):

1. Kaspersky log
2. ESET log
3. Let me know if you had any problems with the above instructions and also let me know how things are running now!
 
