The system has detected a problem with one or more installed IDE/SATA hard disks

johnb35

Administrator
Staff member
Let's try something.

Please download SystemLook and save it to your Desktop.

• Double-click SystemLook.exe to run it.

• Vista\Win 7 users: Right click on SystemLook.exe, click Run As Administrator

• Copy the content of the following box into the main textfield:

Code:
:dir
%Temp%\smtmp /s

• Click the Look button to start the scan.

• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 

rschwarz

New Member
Here's the systemlook.txt log:

SystemLook 04.09.10 by jpshortstuff
Log created at 22:18 on 05/07/2011 by Roger Schwarz
Administrator - Elevation successful

========== dir ==========

C:\DOCUME~1\ROGERS~1\LOCALS~1\Temp\smtmp - Unable to find folder.

-= EOF =-
 

johnb35

Administrator
Staff member
Ok, unfortunately it looks like the temp folders that the infection made that hold your start menu programs are gone. The only way to fix this issue is to do a system restore back to a few days before you got infected. You will need to go to this location.

C:\WINDOWS\system32\Restore

and double click on rstrui.exe to start the system restore process. Pick a day that was before you got infected. The system will start the restore process and then reboot the system and hopefully it will be successful as system restore is sometimes unreliable.

If it is successful, please rescan your system with malwarebytes and hijackthis and post your logs for me to go through again.
 

makura

New Member
I got rid of the virus itself using rkill and malwarebytes, but after I did, it looks like my computer also has the google redirect virus and I have no sound when I go to youtube. I've tried using tdsskiller but it won't run. And my malwarebytes is showing nothing wrong with my computer. Also, when the recovery virus showed up on my computer, so did something called 'windows vista fix'. I looked it up on google but I saw nothing to indicate that it was a virus and it disappeared when I ran rkill and malwarebytes.
 

makura

New Member
Makura,

what happens when you try running tdsskiller?

After I click on it, a box appears asking for permission to run. When I click ok, it would appear to be thinking but then nothing happens. I waited 5 minutes on one try just thinking that maybe it was a little slow, but nothing. I even tried renaming it like I've seen recommended. I've put it on my desktop, I've put it into my download folder. Every time it has the same result, click->give permission->nothing.
 

johnb35

Administrator
Staff member
Makura,

Please do the following.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Combofix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 

makura

New Member
Well my computer still has the redirect virus, and I still have no sound at streaming sites like youtube. My internet explorer randomly crashes for no reason but seems fine afterwards and gets extremely slow on sites with a lot going on like facebook (not sure if that's just a slow internet problem or not, thought I should mention it just in case). Also misc. question, I have microsoft security essentials (up to date) and mcafee (useless). Is it safe to uninstall mcafee with just MSE?

Here is my combo fix log:

ComboFix 11-07-13.03 - Melissa 07/13/2011 17:28:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1015.343 [GMT -4:00]
Running from: c:\users\Melissa\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: McAfee VirusScan *Disabled/Updated* {91492D4B-0869-000E-929C-AE00AA450731}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melissa\AppData\Local\Temp\ppcrlui_4788_2
c:\windows\Update.bat
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-13 22:00 . 2011-07-13 22:03 -------- d-----w- c:\users\Melissa\AppData\Local\temp
2011-07-13 22:00 . 2011-07-13 22:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-13 17:23 . 2011-07-13 17:23 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5CDC545-6968-4050-8B9C-8DA428DD2F96}\MpKsl50bc33f1.sys
2011-07-13 05:15 . 2011-06-07 12:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5CDC545-6968-4050-8B9C-8DA428DD2F96}\mpengine.dll
2011-07-11 20:40 . 2011-06-07 12:55 7074640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-10 21:41 . 2010-11-30 15:43 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4BAABCCF-5158-497A-976F-036260DD9E14}\gapaengine.dll
2011-07-10 21:26 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-10 21:26 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-10 21:26 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-10 21:20 . 2011-07-11 17:03 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-10 21:18 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-07-10 21:10 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-07-10 21:09 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-07-10 21:09 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-10 21:09 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-07-10 21:09 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-07-10 21:09 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-10 21:09 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-07-10 21:08 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-07-10 21:08 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-07-10 21:08 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-07-10 21:00 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-07-10 15:45 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A233E6B-D477-4D48-8F0C-75EDA64BFCA1}\mpengine.dll
2011-07-10 07:04 . 2011-07-10 07:04 -------- d-----w- c:\programdata\SiteAdvisor
2011-07-10 06:20 . 2011-07-10 06:20 -------- d-----w- C:\## aswSnx private storage
2011-07-10 06:20 . 2011-07-13 21:20 -------- d-----w- C:\32788R22FWJFW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 12:54 . 2011-05-17 16:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-13 19:46 . 2011-06-13 19:46 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-13 19:46 . 2011-06-13 19:46 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-13 19:46 . 2011-06-13 19:46 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-13 19:46 . 2011-06-13 19:46 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-13 19:46 . 2011-06-13 19:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-13 19:46 . 2011-06-13 19:46 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-13 19:46 . 2011-06-13 19:46 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-13 19:46 . 2011-06-13 19:46 367104 ----a-w- c:\windows\system32\html.iec
2011-06-13 19:46 . 2011-06-13 19:46 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-13 19:46 . 2011-06-13 19:46 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-13 19:46 . 2011-06-13 19:46 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-13 19:46 . 2011-06-13 19:46 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-13 19:46 . 2011-06-13 19:46 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-13 19:46 . 2011-06-13 19:46 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-13 19:46 . 2011-06-13 19:46 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-13 19:46 . 2011-06-13 19:46 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-13 19:46 . 2011-06-13 19:46 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-13 19:46 . 2011-06-13 19:46 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-13 19:46 . 2011-06-13 19:46 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-11 19:56 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-05-29 13:11 . 2011-05-30 02:34 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-05-30 02:34 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-04 03:48 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-05-04 03:48 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-04-27 19:25 . 2011-04-27 19:25 65024 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-18 17:18 . 2010-10-25 01:25 43392 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 17:18 . 2010-10-25 01:25 165648 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
2011-03-28 16:22 176936 ----a-w- c:\program files\Zynga\prxtbZyn2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7b13ec3e-999a-4b70-b9cb-2617b8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"= "c:\program files\Zynga\prxtbZyn2.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\Melissa\Program Files\DNA\btdna.exe" [2010-06-10 323392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-28 30192]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 2348584]
"MskAgentexe"="c:\program files\McAfee\MSK\MskAgent.exe" [2007-01-18 152144]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-17 40072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" [2007-12-04 111904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-25 113664]
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-5-15 2348584]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 dump_wmimmc;dump_wmimmc;c:\aeriagames\Shaiya\GameGuard\dump_wmimmc.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-28 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl50bc33f1;MpKsl50bc33f1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5CDC545-6968-4050-8B9C-8DA428DD2F96}\MpKsl50bc33f1.sys [2011-07-13 28752]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL50BC33F1
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:34]
.
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-10 23:34]
.
2011-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-09-03 17:32]
.
2011-07-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-09-03 17:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.fanfiction.net/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W5233
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 69.57.112.10 137.118.1.32
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-13 18:21:08
ComboFix-quarantined-files.txt 2011-07-13 22:20
ComboFix2.txt 2011-07-08 07:01
.
Pre-Run: 77,821,509,632 bytes free
Post-Run: 78,073,188,352 bytes free
.
- - End Of File - - 740E21407AB8B41E64A3A5AFC0D73ED6

and here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:32:11 PM, on 7/13/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Melissa\Program Files\DNA\btdna.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Mail\WinMail.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fanfiction.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=EM&Loc=ENG_US&Sys=DTP&M=W5233
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Zynga - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Melissa\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Melissa\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\Users\Melissa\AppData\Local\Temp\Low\HSPERF~1.SH! (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - https://research.flagler.edu:9253/lib/flagler/support/plugins/ebraryRdr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\eMachines Games\eMachines Game Console\GameConsoleService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11382 bytes
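
An added example, not part of the original thread and not code from HijackThis: a short Python triage pass over HijackThis-style lines like those in the log above. It groups entries by section code and flags the ones worth reading first; the sample lines are copied from the posted log, and the flag reasons are this example's own review heuristics, not verdicts.

```python
import re

# Constructed sample: eight lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Zynga - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\prxtbZyn2.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# Section code (R0-R3, O1-O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Run-key entries look like: HKLM\..\Run: [ValueName] command line
RUN_CMD_RE = re.compile(r"\] (?P<cmd>.+)$")


def parse_entries(text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def review_reasons(code, body):
    """Heuristic reasons (assumptions of this example) to look at an entry."""
    reasons = []
    if body.endswith("(no file)"):
        reasons.append("registered component points at a missing file")
    if body.endswith("= ?"):
        reasons.append("startup shortcut target could not be resolved")
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("HijackThis could not name the service's owner")
    if code == "O20":
        reasons.append("AppInit_DLLs load into every process that loads user32.dll")
    if code == "O4":
        m = RUN_CMD_RE.search(body)
        # A bare file name is resolved through the search path at logon,
        # so confirm which file on disk actually runs.
        if m and "\\" not in m.group("cmd"):
            reasons.append("autorun command has no absolute path")
    return reasons


def triage(text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"[{code}] {body}")
        for reason in reasons:
            print(f"    review: {reason}")
```
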
 

johnb35

Administrator
Staff member
Boot to safe mode and try running tdsskiller there. Since you are still having redirects, you need to run it. I also need you to post a logfile from combofix.

Navigate to c:\qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 

makura

New Member
Well, trying tdsskiller in safe mode did less than it usually does, didn't even ask for permission. Should I try safe mode with networking? Here is my qoobox:

Update for Microsoft Office 2007 (KB2508958)
12Sky
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Photoshop 6.0
Adobe Reader 8.1.2
Akamai NetSession Interface
BigFix
Browser Address Error Redirector
CCleaner
D3DX10
Defraggler
Digital Media Reader
DivX Converter
DivX Setup
DNA
EAX(tm) Unified (SHELL)
eMachines Connect
eMachines Game Console
eMachines Recovery Center Installer
Family Feud 2
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Grand Fantasia
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java(TM) SE Runtime Environment 6 Update 1
Linkit_eBay
Malwarebytes' Anti-Malware version 1.51.0.1200
McAfee Security Scan Plus
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Polar Bowler
Polar Golfer
Power2Go 5.0
PS2 Multimedia Keyboard Driver
Real Alternative 2.0.1
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Shin Megami Tensei: Imagine Online
Soft Data Fax Modem with SmartCP
System Requirements Lab for Intel
TwelveSky2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Veoh Video Compass
Veoh Web Player
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Zynga Toolbar
 

johnb35

Administrator
Staff member
Ok. You have some security issues here. You have way too many security programs installed.

McAfee SecurityCenter
Microsoft Security Client
Microsoft Security Essentials

Those 3 programs conflict with each other and you need to choose and keep only 1 and uninstall the others. I suggest keeping MSE and uninstalling the top 2.


You should use the McAfee removal tool.

http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe


Also need you to uninstall the following programs.

McAfee Security Scan Plus
Adobe Reader 8.1.2
Java(TM) SE Runtime Environment 6 Update 1
Zynga Toolbar


Then go here to download the latest version of Adobe and Java.

http://get.adobe.com/reader/?promoid=BUIGO

Just make sure you uncheck McAfee Security Scan Plus before downloading Adobe.

http://www.java.com/en/download/index.jsp

After doing this try rerunning tdsskiller.
 

makura

New Member
I've managed to remove and replace everything you've recommended save for Microsoft Security Client. I can't seem to find it in the add/change list on my control panel or in my start menu under programs. Where should I look for it?
 

johnb35

Administrator
Staff member
Probably just a registry entry that needs to be removed. Have you tried running tdsskiller again?
 

johnb35

Administrator
Staff member
Download mbr.exe to your Desktop.

•Double-click mbr.exe and follow prompts.
•When mbr.exe is ready, it will create a log.
•Copy and paste contents of that file to your next reply.
 

makura

New Member
Ok, so I ran that scan. It opened and closed in a snap and the log is very short. Did it run right? Here is the log:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: WDC_WD2500JS-22NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 60 !
 

JHM

banned
For those of you who are having problems seeing some of your files and shortcuts, be advised that one thing this virus does is change various files' attributes to those of hidden operating system files.

It is therefore possible to bring said files back into view by using the following procedure; though it does not change their attributes back to what they should be, at least it makes them visible.

Step 1 is to open My Computer and click on the word "Tools" up at the top.



Step 2 is when the submenu opens, click on "Folder Options" down at the bottom of the submenu.



Step 3 is when the "Folder Options" window opens, click on the "View" tab.



Step 4 is when the "View Options" open, first select "Show hidden files and folders", and having done that, then uncheck the little checkbox next to "Hide protected operating system files (Recommended)"; and having done that, click on the "Apply to All Folders" button; then click on the "Apply" button and the "OK" button down at the bottom of the view options window.



The only way I have found to reset the file attributes to what they should be is by doing a restore from backup. Hope this helps. It is for XP, but Win7 should have something similar.
 

JHM

banned
Are you asking me that?

You actually have several options. 1) Follow the previous instructions and that will make your files visible again, though it will also make hidden Operating System files visible. - You could live with that.

2) Do a restore from backup if you have a backup. When doing it specify, "advanced" and in the advanced choices, specify "replace all".

3) Use the "Windows Recovery Console" to reset the attributes of your invisible files to what they should be. JohnB35 can tell you how to download and install the "Recovery Console" if you don't already have it; but this would be a very laborious and tedious business to do. If you decide to go this route, once installed, when the machine is booting press the F8 key, then when you see the options come up select "Windows Recovery Console". Once you are in it, type "Help" without the quotes. That will give you a list of commands, the key ones being in this case "Dir" and "Attribute" The former gives you a list of all the files you have and the latter shows their attributes, and allows you to reset them. NO FUN!!

4) Copy off any important files into a different partition then format "C" and reinstall "Windopes"

5) Live with it as is.

Those are your options as far as I know, though maybe someone else can give you something better.
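
The attribute reset from option 3, scripted in PowerShell rather than done by hand in the Recovery Console, as an added example that is not part of any poster's reply. It lists items under a folder that carry the Hidden flag and, only when run with -Apply, clears Hidden and System on them; the default folder ($Root), the -Apply switch, the list of names left hidden and the availability of PowerShell 2.0 or later are assumptions of this example.

```powershell
# Added example (not from the thread): report, and with -Apply clear, the
# Hidden/System flags described above. $Root and $keepHidden are assumptions.
param(
    [string]$Root = [Environment]::GetFolderPath('MyDocuments'),
    [switch]$Apply    # without -Apply nothing is changed, only listed
)

# Names Windows legitimately keeps hidden; these are never touched.
$keepHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini')

$hidden  = [int][IO.FileAttributes]::Hidden
$system  = [int][IO.FileAttributes]::System
$reparse = [int][IO.FileAttributes]::ReparsePoint

Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $attr = [int]$_.Attributes
        # Hidden items only; skip junctions such as Vista's "My Music",
        # which are hidden by design, and the known-good names above.
        (($attr -band $hidden) -ne 0) -and
        (($attr -band $reparse) -eq 0) -and
        ($keepHidden -notcontains $_.Name.ToLower())
    } |
    ForEach-Object {
        $item   = $_    # keep the file object; $_ is reused inside catch
        $before = [int]$item.Attributes
        # Clear only the Hidden and System bits, keep ReadOnly, Archive, etc.
        $after  = $before -band (-bnot ($hidden -bor $system))
        if ($after -eq 0) { $after = [int][IO.FileAttributes]::Normal }

        if ($Apply) {
            try   { $item.Attributes = [IO.FileAttributes]$after }
            catch { Write-Warning "Could not change $($item.FullName): $_"; return }
        }
        # One record per item so the result can be reviewed or exported.
        New-Object PSObject -Property @{
            Path    = $item.FullName
            Before  = [IO.FileAttributes]$before
            After   = [IO.FileAttributes]$after
            Changed = [bool]$Apply
        }
    }
```

Run it once without -Apply and review the list before letting it change anything; files that were hidden before the infection will appear in it as well.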
 

makura

New Member
er, no actually, i was asking john, but thanks.
 