Multiple ProblemsWin7

Discussion in 'Malware Help (A Specialist Will Reply)' started by psl649, Oct 17, 2012.

  1. psl649

    psl649 Private E-2

    Hi Guys

    My computers anti-virus program recently removed a Trojan and things went all wrong. Some of the file and folders on my desktop disappeared, my email client will not update. I ran some other antivirus programs in safe-mode w/ networking and it cleared up some of the problems but some file and folders are still missing. Now I am getting random desktop.ini files appearing sporadically throughout my folders and desktop. I have run all the programs that the readme & run instructed and I am attaching them to this thread. Thank you in advanced, look forward to hearing what problems are found and the solutions to them.
     

    Attached Files:

    psl649, Oct 17, 2012
    #1
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Double-click RogueKiller.exe to run. (Vista/7 right-click and select Run as Administrator)
    When it opens, press the Scan button
    Now click the Registry tab and locate these detections:


    • [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_THXCfg (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64) -> FOUND
      [RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry_EptMon (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64) -> FOUND
      [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
      [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
      [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
      [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
      [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    Place a checkmark each of these items, leave the others unchecked.
    Now press the Delete button.
    When it is finished, there will be a log on your desktop called: RKreport[2].txt
    Attach RKreport[2].txt to your next message. (How to attach)

    Now re-scan with RogueKiller and attach both the logs.
     
    TimW, Oct 17, 2012
    #2
  3. psl649

    psl649 Private E-2

    Thanks for the help, I ran Rouge Killer as instructed. The reports that were produced from doing this are attached. I am still missing items from my desktop. Are theses able to be recovered or is there still problems that I have to address.
     

    Attached Files:

    psl649, Oct 19, 2012
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    What items are you missing from your desktop?
     
    TimW, Oct 19, 2012
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds