Logs from XP procedure

Discussion in 'Malware Help (A Specialist Will Reply)' started by gminpa, May 8, 2013.

  1. gminpa

    gminpa Private E-2

    Logs attached from Read and Run Me First procedure. I didn't run CCleaner because I am missing a bunch of programs from All Programs menu. I couldn't get the latest update for Malwarebytes (database is 32 days old). I couldn't run TDSSkiller, nothing happened. I ran everything else. Thanks for any help!
     

    Attached Files:

  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\868334a9e0e392ea (C:\WINDOWS\System32\Drivers\868334a9e0e392ea.sys) -> FOUND
    • [Services][Root.Necurs] HKLM\[...]\ControlSet003\Services\868334a9e0e392ea (C:\WINDOWS\System32\Drivers\868334a9e0e392ea.sys) -> FOUND
    • [TASK][SUSP PATH] Security Center Update - 3615320570.job : C:\Documents and Settings\Joni\Application Data\Bowataz\poteifh.exe -> FOUND
    • [TASK][SUSP PATH] Security Center Update - 1414583858.job : C:\Documents and Settings\Joni\Application Data\Xudywu\irugigy.exe -> FOUND

    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.

    Now click the Files/folders tab and locate these detections:


    • [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$f9644ece1e752963eaa09888c3ca158c\@ [-] --> FOUND
    • [ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-21-1801674531-1972579041-839522115-1004\$f9644ece1e752963eaa09888c3ca158c\@ [-] --> FOUND
    • [ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$f9644ece1e752963eaa09888c3ca158c\U --> FOUND
    • [ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-21-1801674531-1972579041-839522115-1004\$f9644ece1e752963eaa09888c3ca158c\U --> FOUND
    • [ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-18\$f9644ece1e752963eaa09888c3ca158c\L --> FOUND
    • [ZeroAccess][FOLDER] L : C:\RECYCLER\S-1-5-21-1801674531-1972579041-839522115-1004\$f9644ece1e752963eaa09888c3ca158c\L --> FOUND

    Place a checkmark on each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)
    Do not reboot your computer yet.

    Now rerun Hitman and have it fix everything it found!!

    Reboot and rescan with both RogueKiller and Hitman and attach both those new logs as well.

    Be sure to tell me how things are running now.
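    As an added example (not code from this thread or from RogueKiller's authors): a small Python triage helper that parses report lines in the layout shown above, pulls out the on-disk object behind each detection, and selects only the (category, kind) pairs the helper approved, leaving everything else unchecked as the instructions say. The sample report is constructed from four of the detections listed in this post plus one filler line that is not from the thread.

```python
import re
from collections import namedtuple
from typing import List, Optional

# Constructed sample: four of the RogueKiller detections listed in post 2 of this
# thread, plus one filler line (not from the thread) that must stay unchecked.
SAMPLE_REPORT = r"""
[Services][Root.Necurs] HKLM\[...]\ControlSet001\Services\868334a9e0e392ea (C:\WINDOWS\System32\Drivers\868334a9e0e392ea.sys) -> FOUND
[TASK][SUSP PATH] Security Center Update - 3615320570.job : C:\Documents and Settings\Joni\Application Data\Bowataz\poteifh.exe -> FOUND
[ZeroAccess][FILE] @ : C:\RECYCLER\S-1-5-18\$f9644ece1e752963eaa09888c3ca158c\@ [-] --> FOUND
[ZeroAccess][FOLDER] U : C:\RECYCLER\S-1-5-18\$f9644ece1e752963eaa09888c3ca158c\U --> FOUND
[Run][PUP] HKCU\[...]\Run : Updater (C:\Program Files\Vendor\updater.exe) -> FOUND
"""

# One report line: [category][kind] body -> STATUS  (Registry tab prints "->", Files tab "-->")
LINE_RE = re.compile(
    r"^\[(?P<category>[^\]]+)\]\[(?P<kind>[^\]]+)\]\s+(?P<body>.+?)\s+-{1,2}>\s+(?P<status>\w+)$"
)

# path = the on-disk object behind the detection, or None when the line shows none
Detection = namedtuple("Detection", "category kind body path status")

def extract_path(body: str) -> Optional[str]:
    paren = re.search(r"\(([A-Za-z]:\\[^)]*)\)\s*$", body)   # "key (C:\path\file.sys)"
    if paren:
        return paren.group(1)
    _, sep, tail = body.partition(" : ")                    # "name : C:\path [-]"
    if sep:
        return re.sub(r"\s+\[-\]$", "", tail).strip()
    return None

def parse_report(text: str) -> List[Detection]:
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:   # lines that are not detections (headers, blanks) are skipped
            d = m.groupdict()
            found.append(Detection(d["category"], d["kind"], d["body"],
                                   extract_path(d["body"]), d["status"]))
    return found

# (category, kind) pairs the helper told the user to check; everything else stays unchecked.
APPROVED = {("Services", "Root.Necurs"), ("TASK", "SUSP PATH"),
            ("ZeroAccess", "FILE"), ("ZeroAccess", "FOLDER")}

def select_for_removal(dets: List[Detection], approved=APPROVED) -> List[Detection]:
    return [d for d in dets if (d.category, d.kind) in approved and d.status == "FOUND"]
```

Running `select_for_removal(parse_report(SAMPLE_REPORT))` returns the four approved detections with their paths and drops the filler line, which is the same "check these, leave the rest" decision the instructions above describe.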
     
  3. gminpa

    gminpa Private E-2

    I ran RogueKiller and deleted what you requested, except the two SUSP PATH entries didn't show up this time. When I ran Hitman and hit 'next' to fix the problems, I got the blue screen of death almost immediately. I had to reboot so I reran Hitman to finish deleting the problems it detected and save a new log. Then I rebooted and rescanned with both RogueKiller and Hitman again. Both sets of logs are attached. Thank you!
     

    Attached Files:

  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Rerun Hitman and have it remove those items that it found. Reboot and rescan with Hitman and attach the new log.

    Be sure to tell me how things are running.
     
  5. gminpa

    gminpa Private E-2

    New log attached after running Hitman to delete problems and rebooting. Seems to be running better but my 'All programs' list is still missing items.
     

    Attached Files:

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:



    Now use Windows Explorer to find and delete:
    C:\Documents and Settings\Joni\Application Data\Xudywu
    C:\Documents and Settings\All Users\Application Data\-YbXxSGftvqFgiS
    C:\Documents and Settings\All Users\Application Data\-YbXxSGftvqFgiSr
    C:\Documents and Settings\All Users\Application Data\YbXxSGftvqFgiS


    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista or Win7, don't double click, use right click and select Run As Administrator).

    Attach the new C:\MGLogs.zip.
     
  7. gminpa

    gminpa Private E-2

    So far no luck with restoring the Accessories program file menu. Utility ran but no change in my All Programs menu. Do I need to reboot? New MGLogs.zip file attached. Thanks again for your help!
     

    Attached Files:

  8. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    If the folder C:\Documents and Settings\user_name\Local Settings\Temp\smtmp exists...

    Copy all content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\1
    and paste it to this folder:
    C:\Documents and Settings\All Users\Start Menu


    Copy all content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\2
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch


    Copy all content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\3
    and paste it to this folder:
    C:\Documents and Settings\user_name\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar


    Copy all content of this folder:
    C:\Documents and Settings\user_name\Local Settings\Temp\smtmp\4
    and paste it to this folder:
    C:\Documents and Settings\All Users\Desktop
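    The four copy steps above, as an added example that is not TimW's or the thread's own code: a Python helper that applies the smtmp 1..4 mapping from this post, runs dry by default, never overwrites a shortcut that is already back in place, and leaves the smtmp folder for the operator to inspect. The `demo` function builds a constructed stand-in profile tree in a temp directory (the profile name Joni is taken from the thread; Notepad.lnk and Readme.lnk are made up) so the restore can be tried offline; on the real machine the two profile paths would be the ones named in the post.

```python
import shutil
import tempfile
from pathlib import Path

# Mapping from post 8: smtmp sub-folder -> the folder the shortcuts were moved out of.
# "user" = the user's own profile, "all" = the All Users profile.
SMTMP_MAP = {
    "1": ("all", "Start Menu"),
    "2": ("user", "Application Data/Microsoft/Internet Explorer/Quick Launch"),
    "3": ("user", "Application Data/Microsoft/Internet Explorer/Quick Launch/User Pinned/TaskBar"),
    "4": ("all", "Desktop"),
}

def restore_smtmp(user_profile: Path, all_users: Path, dry_run: bool = True) -> list[tuple[Path, Path]]:
    """Copy files from smtmp/1..4 back to their folders; returns (src, dst) pairs, never overwrites."""
    smtmp = user_profile / "Local Settings" / "Temp" / "smtmp"
    if not smtmp.is_dir():
        return []                      # stash folder absent: nothing to restore
    done = []
    for sub, (root_kind, rel) in SMTMP_MAP.items():
        src_root = smtmp / sub
        if not src_root.is_dir():
            continue
        dst_root = (user_profile if root_kind == "user" else all_users) / rel
        for src in (p for p in src_root.rglob("*") if p.is_file()):
            dst = dst_root / src.relative_to(src_root)
            if dst.exists():
                continue               # never clobber a shortcut already back in place
            if not dry_run:
                dst.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, dst)
            done.append((src, dst))
    return done

def demo(dry_run: bool = False) -> tuple[list[str], bool, str]:
    # Constructed stand-in for the XP profile tree so the restore can be tried offline.
    base = Path(tempfile.mkdtemp())
    user, allu = base / "Documents and Settings" / "Joni", base / "Documents and Settings" / "All Users"
    stash = user / "Local Settings" / "Temp" / "smtmp"
    (stash / "1" / "Programs" / "Accessories").mkdir(parents=True)
    (stash / "1" / "Programs" / "Accessories" / "Notepad.lnk").write_text("stashed shortcut")
    (stash / "4").mkdir()
    (stash / "4" / "Readme.lnk").write_text("stashed shortcut")
    (allu / "Desktop").mkdir(parents=True)
    (allu / "Desktop" / "Readme.lnk").write_text("already restored")
    restored = [d.relative_to(allu).as_posix() for _, d in restore_smtmp(user, allu, dry_run)]
    copied = (allu / "Start Menu" / "Programs" / "Accessories" / "Notepad.lnk").is_file()
    untouched = (allu / "Desktop" / "Readme.lnk").read_text()
    shutil.rmtree(base)
    return restored, copied, untouched
```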
     
  9. gminpa

    gminpa Private E-2

    Accessories still don't show up, some of the programs are listed but are empty. This isn't critical, everything else seems to be ok. Thank you!
     
  10. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You may need to reinstall some of the programs.
     
