rogue anti-virus Windows 7 Recovery


1 reply to this topic

#1 big_george

  • Members
  • 2 posts

Posted 01 June 2011 - 08:43 PM

I got hit with the Windows 7 Recovery virus yesterday morning. I used mbam.exe to remove most of it and then followed some instructions to manually remove entries left behind in the registry.
I was able to get to my desktop and view my icons; however, my programs in my All Programs list appear to say "empty" when I click on the folder associated with the program. I ran unhide.exe several times to no avail. So now I'm here hoping that someone can help out.
I read someone else's post that was similar and I saw that they had him run and post his log for SystemLook. I will post it here. I also ran defogger.exe, and I will post that as well.

Win7 Professional 64 bit

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:17 on 01/06/2011 (gcooper)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-


SystemLook 04.09.10 by jpshortstuff
Log created at 19:51 on 01/06/2011 by gcooper
Administrator - Elevation successful

========== dir ==========

C:\Users\gcooper\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\gcooper\AppData\Local\Temp\smtmp\1 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Abexo d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Abexo\Abexo Free Registry Cleaner d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\Terminal Services d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Adobe d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Adobe Master Collection CS4 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Alcohol 120% d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\AT&T d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Auran d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Auran\TS2010 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Bamboo d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\BlackBerry d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Cisco Systems VPN Client d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\CutePDF d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\CutePDF\PDF Writer d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Delete Duplicate Files d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\DivX Plus d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\DVDFab 8 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\DVDVideoSoft\Programs d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\ESET d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\ESET\ESET NOD32 Antivirus d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Free Registry Cleaner d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Games d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Google SketchUp 8 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\IBM U2 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\IBM U2\SBClient d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\IBM U2\UniData ODBC Driver d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Input Director d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Intel d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Intel\Intel® Management Engine Components d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Lenovo ThinkVantage Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Logitech d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Logitech\Mouse and Keyboard d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Logitech\Unifying d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Keyboard d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Mouse d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office 2010 Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Live Meeting 2007 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Motorola Driver Installer d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Motorola Driver Installer\Release Notes d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Motorola Driver Installer\Utilities d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Controller Editor d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Controller Editor\Documentation d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Guitar Rig 4 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Guitar Rig 4\Documentation d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\GuitarRig Mobile IO Driver d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Rig Kontrol 3 Driver d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Service Center d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Service Center\Documentation d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Native Instruments\Session IO Driver d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\NetWaiting d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Picasa 3 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Pinnacle Studio 12 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Pinnacle Studio 12\Tools d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Pod to PC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Quicken 2010 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RASplus d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RealVNC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode) d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (User-Mode) d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RealVNC\VNC Viewer 4 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\RocketDock d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\SharePoint d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Sierra Wireless d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Skype d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\SnagIt 8 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\STMicroelectronics d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\SuRe Softwares d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\SuRe Softwares\Windows 7 Tweaker 3.5 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\TestOut d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\ThinkVantage d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\UltraVNC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\UltraVNC\UltraVNC Server d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\UltraVNC\UltraVNC Viewer d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Windows Virtual PC d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\WinRAR d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\1\Programs\Xvid d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\3 d------ [16:49 31/05/2011]
C:\Users\gcooper\AppData\Local\Temp\smtmp\4 d------ [16:49 31/05/2011]

-= EOF =-

Thanks in advance

Edited by hamluis, 02 June 2011 - 05:14 PM.
Moved from MRL to Am I Infected.
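A recovery helper added here as an example (it is not from the original post, nor a BleepingComputer or jpshortstuff tool): it walks the smtmp\1 backup folder the rogue left behind, reports every folder and shortcut that is missing from the All Users Start Menu, and copies them back only when run with -Restore. It assumes that smtmp\1 mirrors C:\ProgramData\Microsoft\Windows\Start Menu (the log above lists that folder's stock subfolders Accessories, Administrative Tools, Maintenance and Startup under smtmp\1\Programs) and that the backup lives under $env:TEMP; the -Backup, -Target and -Restore parameters are this script's own.

```powershell
# Added example, not part of the original post. Compares what the "Windows 7 Recovery"
# rogue moved into %TEMP%\smtmp\1 with the All Users Start Menu and copies back only
# what is missing, and only when -Restore is given (copy, not move, so the backup survives).
# ASSUMPTION: smtmp\1 mirrors the All Users Start Menu; confirm on the machine before -Restore.
# Written in PowerShell 2.0 syntax so it runs on a stock Windows 7 install.
param(
    [string]$Backup = (Join-Path $env:TEMP 'smtmp\1'),
    [string]$Target = (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu'),
    [switch]$Restore
)

if (-not (Test-Path -LiteralPath $Backup)) {
    Write-Warning "No backup folder at $Backup, so there is nothing to compare or restore."
    return
}

# -Force also lists hidden items (the rogue sets the hidden attribute on what it moves).
# -LiteralPath is required because names such as "Alcohol 120%" and "AT&T" would otherwise
# be treated as wildcard patterns.
$base = $Backup.TrimEnd('\')
$missing = foreach ($item in Get-ChildItem -LiteralPath $Backup -Recurse -Force) {
    $relative = $item.FullName.Substring($base.Length).TrimStart('\')
    $dest = Join-Path $Target $relative
    if (-not (Test-Path -LiteralPath $dest)) {
        New-Object PSObject -Property @{
            Relative = $relative; Source = $item.FullName; Dest = $dest; IsDir = $item.PSIsContainer
        }
    }
}
$missing = @($missing)

"{0} item(s) exist in the backup but not under {1}" -f $missing.Count, $Target
$missing | Sort-Object Relative | Format-Table Relative, IsDir -AutoSize

if ($Restore) {
    # Create directories shallowest-first, then copy the files (normally .lnk shortcuts) into place.
    foreach ($m in ($missing | Where-Object { $_.IsDir } | Sort-Object { $_.Relative.Length })) {
        New-Item -ItemType Directory -Path $m.Dest -Force | Out-Null
    }
    foreach ($m in ($missing | Where-Object { -not $_.IsDir })) {
        $parent = Split-Path -Path $m.Dest -Parent
        if (-not (Test-Path -LiteralPath $parent)) { New-Item -ItemType Directory -Path $parent -Force | Out-Null }
        Copy-Item -LiteralPath $m.Source -Destination $m.Dest -Force
        # Clear the hidden attribute so the restored shortcut shows up in All Programs again.
        (Get-Item -LiteralPath $m.Dest -Force).Attributes = 'Normal'
    }
    "Restored {0} item(s) to {1}" -f $missing.Count, $Target
}
```

Run it once without -Restore from an elevated PowerShell prompt and read the list; if the SystemLook log showed only folders and no files, the listing will confirm that the shortcuts themselves are no longer in the backup and cannot be recovered from it.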



#2 big_george
  • Topic Starter
  • Members
  • 2 posts

Posted 02 June 2011 - 05:14 PM

just a test



