Help
This topic is locked
Hi,
could you go to C:\qoobox and post the file called combofix-quarantined-files.txt. Let's see what CF deleted. Besides the empty start menu (what is really missing there? Everything? Just certain entries?) how is the PC doing?
regards myrti
Forum Guidelines
Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help
Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient. DO NOT RUN ComboFix unless requested to. Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Error Messages Forcing Restart + Google Redirect Virus Program folders also appear empty. Please Help.
#16
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 22 January 2012 - 06:18 PM
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Back to top
#17
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 24 January 2012 - 12:11 AM
I have some programs pinned to the Start Menu - Firefox, Chrome, iTunes, Microsoft Word, etc. But all the program files (at least the ones that I installed before the virus hit) show up as empty. So while I can use Word, for example, Excel and Power Point I cannot access. My Accessories I can use, but nothing else. I have Paint Shop on my computer, but I can't access that either, etc.
Apart from my missing programs, the computer is running fine.
I'm just posting it here since you didn't specify if you wanted it in an attachment:
2012-01-16 04:29:29 . 2012-01-16 04:29:29 136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ipyJfmDvPvAd.exe.reg.dat
2012-01-16 04:00:25 . 2012-01-16 17:22:08 14,315 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-16 01:57:33 . 2012-01-16 17:13:58 226 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-15 05:30:47 . 2012-01-15 05:30:47 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB26439$\1856320123.vir
2012-01-15 04:40:25 . 2012-01-15 05:30:34 836 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\egukaaa.tmp.vir
2012-01-15 04:37:27 . 2012-01-15 04:37:27 456,960 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ipyJfmDvPvAd.exe.vir
2012-01-14 22:08:34 . 2012-01-14 22:08:34 809 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\qwhlaaa.tmp.vir
2012-01-14 22:05:04 . 2012-01-14 22:12:23 786 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\rwhlaaa.tmp.vir
2012-01-10 14:20:12 . 2012-01-10 14:20:12 807 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\zgxkaaa.tmp.vir
2012-01-09 08:05:46 . 2012-01-09 08:05:46 837 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\akdmdaa.tmp.vir
2012-01-09 02:19:38 . 2012-01-09 03:57:58 868 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ygxkaaa.tmp.vir
2012-01-09 01:49:54 . 2012-01-09 01:49:54 835 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\cvblaaa.tmp.vir
2012-01-06 00:36:13 . 2012-01-06 00:36:15 25,087 ----a-w- C:\Qoobox\Quarantine\C\Users\user\Documents\~WRL0005.tmp.vir
2012-01-05 17:05:42 . 2012-01-05 17:05:42 834 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\clqqcaa.tmp.vir
2011-12-20 16:50:46 . 2011-12-25 09:26:28 1,057 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\vso_ts_preview.xml.vir
2011-07-09 15:12:10 . 2011-07-09 15:12:10 744 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Uninstall Windows 7 Fix.lnk.vir
2011-07-09 15:12:10 . 2011-07-09 15:12:10 672 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Windows 7 Fix.lnk.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 2,616,320 ----a-w- C:\Qoobox\Quarantine\C\Windows\expl.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 20,992 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\svch.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 286,720 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\winl.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 311,808 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\winlogon.exe.vir
2011-04-27 03:11:57 . 2010-11-20 12:21:33 2,641,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir
2009-07-13 23:19:28 . 2010-11-20 12:21:33 46,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\svchost.exe.vir
As for what's up with my computer.
Apart from my missing programs, the computer is running fine.
I'm just posting it here since you didn't specify if you wanted it in an attachment:
2012-01-16 04:29:29 . 2012-01-16 04:29:29 136 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-ipyJfmDvPvAd.exe.reg.dat
2012-01-16 04:00:25 . 2012-01-16 17:22:08 14,315 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2012-01-16 01:57:33 . 2012-01-16 17:13:58 226 ----a-w- C:\Qoobox\Quarantine\catchme.log
2012-01-15 05:30:47 . 2012-01-15 05:30:47 0 -c--a-we C:\Qoobox\Quarantine\C\Windows\$NtUninstallKB26439$\1856320123.vir
2012-01-15 04:40:25 . 2012-01-15 05:30:34 836 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\egukaaa.tmp.vir
2012-01-15 04:37:27 . 2012-01-15 04:37:27 456,960 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ipyJfmDvPvAd.exe.vir
2012-01-14 22:08:34 . 2012-01-14 22:08:34 809 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\qwhlaaa.tmp.vir
2012-01-14 22:05:04 . 2012-01-14 22:12:23 786 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\rwhlaaa.tmp.vir
2012-01-10 14:20:12 . 2012-01-10 14:20:12 807 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\zgxkaaa.tmp.vir
2012-01-09 08:05:46 . 2012-01-09 08:05:46 837 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\akdmdaa.tmp.vir
2012-01-09 02:19:38 . 2012-01-09 03:57:58 868 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\ygxkaaa.tmp.vir
2012-01-09 01:49:54 . 2012-01-09 01:49:54 835 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\cvblaaa.tmp.vir
2012-01-06 00:36:13 . 2012-01-06 00:36:15 25,087 ----a-w- C:\Qoobox\Quarantine\C\Users\user\Documents\~WRL0005.tmp.vir
2012-01-05 17:05:42 . 2012-01-05 17:05:42 834 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\clqqcaa.tmp.vir
2011-12-20 16:50:46 . 2011-12-25 09:26:28 1,057 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\vso_ts_preview.xml.vir
2011-07-09 15:12:10 . 2011-07-09 15:12:10 744 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Uninstall Windows 7 Fix.lnk.vir
2011-07-09 15:12:10 . 2011-07-09 15:12:10 672 ----a-w- C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Windows 7 Fix.lnk.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 2,616,320 ----a-w- C:\Qoobox\Quarantine\C\Windows\expl.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 20,992 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\svch.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 286,720 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\winl.dat.vir
2011-06-21 00:44:58 . 2010-11-20 12:21:33 311,808 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\winlogon.exe.vir
2011-04-27 03:11:57 . 2010-11-20 12:21:33 2,641,408 ----a-w- C:\Qoobox\Quarantine\C\Windows\explorer.exe.vir
2009-07-13 23:19:28 . 2010-11-20 12:21:33 46,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\system32\svchost.exe.vir
As for what's up with my computer.
#18
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 24 January 2012 - 07:41 AM
Hi,
unhide isn't working for this anymore, right?
It doesn't look as if ComboFix removed anything to that aspect.
Can you open an explorer and as a path type in: %temp%. It will open your temporary folder. In that folder do you see a folder called smtmp
regards myrti
unhide isn't working for this anymore, right?
It doesn't look as if ComboFix removed anything to that aspect.
Can you open an explorer and as a path type in: %temp%. It will open your temporary folder. In that folder do you see a folder called smtmp
regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#19
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 24 January 2012 - 10:12 AM
Hello.
No, Unhide isn't working.
I checked, but I don't see the folder.
No, Unhide isn't working.
I checked, but I don't see the folder.
#20
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 24 January 2012 - 03:19 PM
Hi,
do you still have a system restore point form before you got infected?
regards myrti
do you still have a system restore point form before you got infected?
regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#21
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 24 January 2012 - 03:30 PM
I'm not sure...how do I determine that? My files have been showing "empty" since the summer.
#22
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 24 January 2012 - 05:33 PM
Hi,
so this is not a recent issue? If it is a recent issue, could you right-click on one of the empty folders in your start menu and check whether it offers you to restore to a previous version?
regards myrti
so this is not a recent issue? If it is a recent issue, could you right-click on one of the empty folders in your start menu and check whether it offers you to restore to a previous version?
regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#23
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 24 January 2012 - 07:12 PM
Hi.
I mentioned that I posted on this site for the empty folder problem when it first occurred, but I stopped getting a response after awhile. That thread is located here.
I checked, but the restore points only go back to last week (the 20th)
I mentioned that I posted on this site for the empty folder problem when it first occurred, but I stopped getting a response after awhile. That thread is located here.
I checked, but the restore points only go back to last week (the 20th)
This post has been edited by Seagreen: 24 January 2012 - 07:12 PM
#24
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 26 January 2012 - 09:44 AM
Hi,
I'm sorry to see that. SpySentinel unfortunately passed away last year.
Let's start where he left of:
Download RogueKiller to your desktop
Please post the contents of the RKreport.txt in your next Reply.
Open Notepad and copy/paste the code box below into a new text file.
I'm sorry to see that. SpySentinel unfortunately passed away last year.
Let's start where he left of:
Download RogueKiller to your desktop
- Quit all running programs
- For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
- When prompted, type 1 and validate
- The RKreport.txt shall be generated next to the executable.
- If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.
Open Notepad and copy/paste the code box below into a new text file.
@echo off dir /a "%userprofile%\Documents" >log.txt dir /ah "%userprofile%\Documents" >>log.txt log.txt
- Save the file as query.bat by choosing save as *All Files, and save it to your Desktop.
- Locate "query.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
- It will open a text file, please copy the content in your next reply.
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#25
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 28 January 2012 - 11:56 AM
I feel terrible now. I'm sorry. RIP.
I ran RogueKiller but I wasn't prompted to validate. I just clicked Scan then Report:
RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 01/28/2012 11:48:56
¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
¤¤¤ Registry Entries: 11 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 001e9367ad93fa3e971a76bbfc7899e3
[BSP] 462b8c3dbb612cff6182c68898b174d0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1572 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 239094 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 470054912 | Size: 9391 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 5926d1110bce80d485648101f06f6ca9
[BSP] 4410a602329aa3e6b81f4000d1964394 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 500107 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Query.bat:
Volume in drive C is TI100760V0G
Volume Serial Number is 20FE-9472
Directory of C:\Users\user\Documents
01/26/2012 07:56 AM <DIR> .
01/26/2012 07:56 AM <DIR> ..
12/07/2011 02:17 PM 78,257,930 12-07-05.mov
04/27/2009 12:18 PM 277,051,216 13. Ghost of a Chance, Pt. 1.avi
04/28/2009 09:00 AM 243,580,928 15 Bad To The Bone.avi
01/14/2009 10:42 AM 216,740,548 20 Changing of the Zords Part 2.avi
01/02/2011 12:55 PM 12,720 2010 BOOK LIST.docx
04/09/2011 10:23 AM 11,395 2011 booklist.docx
01/14/2009 05:44 PM 216,806,832 25 A Different Shade of Pink Part 3.avi
12/30/2008 01:47 PM 203,787,790 29Goldar_sVice-Versa.avi
01/19/2009 12:36 AM 339,382,990 43 Hogday Afternoon Part 2.avi
01/20/2009 07:44 PM 337,413,730 50 Wild West Rangers Part 1.avi
01/20/2009 08:02 PM 337,033,668 51 Wild West Rangers Part 2.avi
10/30/2011 09:55 PM 33,083 Aaron Gantz - MLK.rtf
03/29/2011 09:32 PM <DIR> AIM
06/12/2011 06:30 PM <DIR> Archived
04/01/2011 11:18 AM 32,418 cc_20110401_121651.reg
04/01/2011 12:23 PM 82 cc_20110401_132342.reg
01/25/2012 11:27 PM <DIR> ConvertXToDVD
10/22/2009 06:29 PM <DIR> Corel Paint Shop Pro X2 12.00 Retail + Keygen By Chanzky
11/28/2011 06:29 PM 13,053 Creative Exercise 14 toph-jesse.docx
11/29/2011 11:36 AM 14,409 Creative Exercise 14.docx
06/29/2011 06:59 PM 1,092 desktop.ini
09/28/2011 12:34 PM <DIR> Documents
09/19/2011 09:49 PM <DIR> DWTS S11
10/22/2009 06:29 PM <DIR> EA Games
08/17/2011 07:41 PM 24,698 entranceCounseling.action.htm
12/01/2011 01:13 AM 33,504 FABLES.rtf
12/25/2011 09:15 PM <DIR> Fall 2011
01/09/2012 07:47 AM <DIR> FANDOM
07/09/2011 06:40 PM <DIR> Favorites old
09/28/2011 11:32 AM <DIR> Freecorder 4
01/05/2012 08:22 PM 25,283 Gantz_ resume2012.docx
11/16/2011 09:50 AM 40,654 Golden Boy.rtf
10/29/2010 01:42 AM <DIR> GTA San Andreas User Files
12/22/2010 03:14 PM 86,344 INTRRUCTIONS.htm
01/28/2012 11:48 AM <DIR> JOBS
12/02/2011 07:23 AM 17,340 kibbles and bits.docx
11/29/2011 05:04 AM 16,200 LAST CREATIVE EXERCISES (13-15).docx
01/15/2012 09:49 AM <DIR> Malwarebytes' Anti-Malware
09/28/2011 11:45 AM <DIR> me
09/28/2011 02:15 PM <DIR> My eBooks
10/22/2009 06:09 PM <JUNCTION> My Music [C:\Users\user\Music]
10/22/2009 06:09 PM <JUNCTION> My Pictures [C:\Users\user\Pictures]
01/12/2012 06:40 PM <DIR> My PSP Files
10/22/2009 06:09 PM <JUNCTION> My Videos [C:\Users\user\Videos]
11/29/2011 07:04 PM <DIR> NYC pics
07/30/2011 04:02 PM 24,329,747 NYC pics.zip
10/07/2010 09:29 PM <DIR> October 2009
01/25/2012 07:48 PM 14,996 Pauline Carney.docx
10/22/2009 06:35 PM <DIR> Resumew
08/25/2011 02:09 AM <DIR> SCHOOL
09/16/2011 12:34 PM 58,948,168 setup_av_free.exe
09/28/2011 12:30 PM <DIR> Spring 2011
07/21/2011 12:17 AM <DIR> Spring2010
03/01/2011 11:58 AM <DIR> tip 2010
01/24/2012 11:24 PM 10,124 To Do @ GSU.docx
03/06/2011 03:01 AM <DIR> TUTOR 2011
12/09/2011 07:38 AM 14,560 Writing Statement.docx
01/05/2012 07:36 PM 162 ~$ntz_ resume2012.docx
30 File(s) 2,333,735,664 bytes
30 Dir(s) 27,939,266,560 bytes free
Volume in drive C is TI100760V0G
Volume Serial Number is 20FE-9472
Directory of C:\Users\user\Documents
06/29/2011 06:59 PM 1,092 desktop.ini
10/22/2009 06:09 PM <JUNCTION> My Music [C:\Users\user\Music]
10/22/2009 06:09 PM <JUNCTION> My Pictures [C:\Users\user\Pictures]
10/22/2009 06:09 PM <JUNCTION> My Videos [C:\Users\user\Videos]
1 File(s) 1,092 bytes
3 Dir(s) 27,939,262,464 bytes free
Thank you.
I ran RogueKiller but I wasn't prompted to validate. I just clicked Scan then Report:
RogueKiller V7.0.1 [01/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: user [Admin rights]
Mode: Scan -- Date : 01/28/2012 11:48:56
¤¤¤ Bad processes: 3 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
[SUSP PATH] FLVSrvLib.dll -- C:\Users\user\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED
¤¤¤ Registry Entries: 11 ¤¤¤
[WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 001e9367ad93fa3e971a76bbfc7899e3
[BSP] 462b8c3dbb612cff6182c68898b174d0 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1572 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 239094 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 470054912 | Size: 9391 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 5926d1110bce80d485648101f06f6ca9
[BSP] 4410a602329aa3e6b81f4000d1964394 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 500107 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Query.bat:
Volume in drive C is TI100760V0G
Volume Serial Number is 20FE-9472
Directory of C:\Users\user\Documents
01/26/2012 07:56 AM <DIR> .
01/26/2012 07:56 AM <DIR> ..
12/07/2011 02:17 PM 78,257,930 12-07-05.mov
04/27/2009 12:18 PM 277,051,216 13. Ghost of a Chance, Pt. 1.avi
04/28/2009 09:00 AM 243,580,928 15 Bad To The Bone.avi
01/14/2009 10:42 AM 216,740,548 20 Changing of the Zords Part 2.avi
01/02/2011 12:55 PM 12,720 2010 BOOK LIST.docx
04/09/2011 10:23 AM 11,395 2011 booklist.docx
01/14/2009 05:44 PM 216,806,832 25 A Different Shade of Pink Part 3.avi
12/30/2008 01:47 PM 203,787,790 29Goldar_sVice-Versa.avi
01/19/2009 12:36 AM 339,382,990 43 Hogday Afternoon Part 2.avi
01/20/2009 07:44 PM 337,413,730 50 Wild West Rangers Part 1.avi
01/20/2009 08:02 PM 337,033,668 51 Wild West Rangers Part 2.avi
10/30/2011 09:55 PM 33,083 Aaron Gantz - MLK.rtf
03/29/2011 09:32 PM <DIR> AIM
06/12/2011 06:30 PM <DIR> Archived
04/01/2011 11:18 AM 32,418 cc_20110401_121651.reg
04/01/2011 12:23 PM 82 cc_20110401_132342.reg
01/25/2012 11:27 PM <DIR> ConvertXToDVD
10/22/2009 06:29 PM <DIR> Corel Paint Shop Pro X2 12.00 Retail + Keygen By Chanzky
11/28/2011 06:29 PM 13,053 Creative Exercise 14 toph-jesse.docx
11/29/2011 11:36 AM 14,409 Creative Exercise 14.docx
06/29/2011 06:59 PM 1,092 desktop.ini
09/28/2011 12:34 PM <DIR> Documents
09/19/2011 09:49 PM <DIR> DWTS S11
10/22/2009 06:29 PM <DIR> EA Games
08/17/2011 07:41 PM 24,698 entranceCounseling.action.htm
12/01/2011 01:13 AM 33,504 FABLES.rtf
12/25/2011 09:15 PM <DIR> Fall 2011
01/09/2012 07:47 AM <DIR> FANDOM
07/09/2011 06:40 PM <DIR> Favorites old
09/28/2011 11:32 AM <DIR> Freecorder 4
01/05/2012 08:22 PM 25,283 Gantz_ resume2012.docx
11/16/2011 09:50 AM 40,654 Golden Boy.rtf
10/29/2010 01:42 AM <DIR> GTA San Andreas User Files
12/22/2010 03:14 PM 86,344 INTRRUCTIONS.htm
01/28/2012 11:48 AM <DIR> JOBS
12/02/2011 07:23 AM 17,340 kibbles and bits.docx
11/29/2011 05:04 AM 16,200 LAST CREATIVE EXERCISES (13-15).docx
01/15/2012 09:49 AM <DIR> Malwarebytes' Anti-Malware
09/28/2011 11:45 AM <DIR> me
09/28/2011 02:15 PM <DIR> My eBooks
10/22/2009 06:09 PM <JUNCTION> My Music [C:\Users\user\Music]
10/22/2009 06:09 PM <JUNCTION> My Pictures [C:\Users\user\Pictures]
01/12/2012 06:40 PM <DIR> My PSP Files
10/22/2009 06:09 PM <JUNCTION> My Videos [C:\Users\user\Videos]
11/29/2011 07:04 PM <DIR> NYC pics
07/30/2011 04:02 PM 24,329,747 NYC pics.zip
10/07/2010 09:29 PM <DIR> October 2009
01/25/2012 07:48 PM 14,996 Pauline Carney.docx
10/22/2009 06:35 PM <DIR> Resumew
08/25/2011 02:09 AM <DIR> SCHOOL
09/16/2011 12:34 PM 58,948,168 setup_av_free.exe
09/28/2011 12:30 PM <DIR> Spring 2011
07/21/2011 12:17 AM <DIR> Spring2010
03/01/2011 11:58 AM <DIR> tip 2010
01/24/2012 11:24 PM 10,124 To Do @ GSU.docx
03/06/2011 03:01 AM <DIR> TUTOR 2011
12/09/2011 07:38 AM 14,560 Writing Statement.docx
01/05/2012 07:36 PM 162 ~$ntz_ resume2012.docx
30 File(s) 2,333,735,664 bytes
30 Dir(s) 27,939,266,560 bytes free
Volume in drive C is TI100760V0G
Volume Serial Number is 20FE-9472
Directory of C:\Users\user\Documents
06/29/2011 06:59 PM 1,092 desktop.ini
10/22/2009 06:09 PM <JUNCTION> My Music [C:\Users\user\Music]
10/22/2009 06:09 PM <JUNCTION> My Pictures [C:\Users\user\Pictures]
10/22/2009 06:09 PM <JUNCTION> My Videos [C:\Users\user\Videos]
1 File(s) 1,092 bytes
3 Dir(s) 27,939,262,464 bytes free
Thank you.
#26
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 28 January 2012 - 06:55 PM
Hi,
I'm sorry, I didn't really know how else to put it.
can you take a look at the output of query.bat are those files that you are not able to see? Or are you able to see those files and are missing others?
regards myrti
I'm sorry, I didn't really know how else to put it.
can you take a look at the output of query.bat are those files that you are not able to see? Or are you able to see those files and are missing others?
regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#27
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 29 January 2012 - 11:28 PM
Hi.
No, I can definitely see those files; they're ones that I've moved/accessed recently.
No, I can definitely see those files; they're ones that I've moved/accessed recently.
#28
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 30 January 2012 - 05:22 PM
Hi,
it would seem that the other files are gone and I don't know how you could possibly recover them. Is it possible you switched user account at some point? Do you remember having default settings again all of a sudden at some point?
regards myrti
it would seem that the other files are gone and I don't know how you could possibly recover them. Is it possible you switched user account at some point? Do you remember having default settings again all of a sudden at some point?
regards myrti
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
#29
- Member
-
- Group: Members
- Posts: 56
- Joined: 03-June 11
Posted 04 February 2012 - 03:56 AM
I...don't think they're gone? From what I see, all the paths (shortcuts) to my programs are showing as empty, not the program files themselves. 
I don't think I've switched accounts, but then I wouldn't know how to confirm that.
I think when I was still suffering through viruses I restarted and clicked the "Restore" setting once or twice...''
I don't think I've switched accounts, but then I wouldn't know how to confirm that.I think when I was still suffering through viruses I restarted and clicked the "Restore" setting once or twice...''
#30
- bleepin' _temp_
-
- Group: Malware Response Instructor
- Posts: 27,527
- Joined: 25-January 08
- Gender:Female
- Location:At home
Posted 04 February 2012 - 11:13 AM
Hi,
the program shortcuts are just "shortcuts" an easier way to start a program. This has no effect on the installed programs. You can recreate the short cuts manually if you want to.
You can restore the default shortcuts with this:
http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe
But not the programs you installed later on.
regards myrti
the program shortcuts are just "shortcuts" an easier way to start a program. This has no effect on the installed programs. You can recreate the short cuts manually if you want to.
You can restore the default shortcuts with this:
http://download.bleepingcomputer.com/grinler/fakehdd/win7-32-sm-reset.exe
But not the programs you installed later on.
regards myrti
This post has been edited by myrti: 04 February 2012 - 11:13 AM
If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
Please don't send help request via PM, unless I am already helping you. Use the forums!
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. ~ Albert Einstein
Heroism on command, senseless violence, and all the loathsome nonsense that goes by the name of patriotism -- how passionately I hate them! ~ Albert Einstein
