Windows 7 Forums

Windows 7: UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect

12 Feb 2013   #1
indCraig

Windows 7 Ultimate x64
 
 
UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect

I was wondering if someone could have a quick look at these two registry elements that I've attached?

Registry keys are located at:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count

and

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}\Count

I've just noticed the locations the keys are pointing to are using characters that make me think it's leftover malware links or something. Given the fact it's using drive letters I don't have assigned, and in another language, I thought I'd ask here. Also, when I use CCleaner, it removes entries from this location, only to have more removed at a later run date.



12 Feb 2013   #2
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

12 Feb 2013   #3
indCraig

Windows 7 Ultimate x64
 
 

RogueKiller

Code:
RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Craig [Admin rights]
Mode : Scan -- Date : 02/12/2013 23:06:40
| ARK || FAK || MBR |

 Bad processes : 0 

 Registry Entries : 14 
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F3D3C09B-0AC5-414F-9CFF-AA0A70C69E4E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 Particular Files / Folders: 

 Driver : [NOT LOADED] 

 HOSTS File: 
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 realmedia.channel4.com
127.0.0.1 webstat.channel4.com
127.0.0.1 s0.2mdn.net 
127.0.0.1 imagec16.247realmedia.com
127.0.0.1 realmedia.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
[...]


 MBR Check: 

+++++ PhysicalDrive0: ST3400832AS ATA Device +++++
--- User ---
[MBR] c803b3d6f7e6aa9b4ff765b3cb38f130
[BSP] 499c8530ef537dff8a017b6548ee39b0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381552 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380817AS ATA Device +++++
--- User ---
[MBR] 58216cbb943701146193585082b76fdd
[BSP] 20755ced4876ac454b7b89288476c71c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 59e978553f6543c9aa35db7e64b6b9aa
[BSP] 57347e001ed53d65cccf43f8c2196c60 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD20EURS-63S48Y0 ATA Device +++++
--- User ---
[MBR] 472ad2bfdc6262379d10973e382af0dc
[BSP] 278fb93e2f79dec4f3e16885a6a43e09 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: StoreJet Transcend USB Device +++++
--- User ---
[MBR] bd8140db097d736ff472ef67582b7d0a
[BSP] 9bd1f3cb1324c735f7d22a0757288225 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02122013_02d2306.txt >>
RKreport[1]_S_02122013_02d2306.txt
Every cleaner reports back that I'm clean. Firewall is set up correctly. I'm using anti-rootkit, TDSSKiller, Malwarebytes, etc., and all are clean. Above is the RogueKiller report, which at least gives me something.


EDIT: I have read and am aware of what these 2 folders are supposed to do. But I have no idea what:

"Q:\\Tnzrf\\Cbxre Avtug ng gur Vairagbel\\PryroevglCbxre.rkr"=hex:1e,00,00,00,

I have a mapped network location on Q: but not on R:, which makes me wonder about:

"R:\\KNZCC\\frghc_knzcc.ong"=hex:1e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
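Added example, not part of any post in this thread: UserAssist value names are stored ROT13-encoded, which is why the paths quoted in post #3 look like another language and show drive letters Q: and R:. The sketch below decodes those two names and parses a 72-byte Windows 7 Count value; the sample bytes are constructed, and the field offsets (run count at 4, focus count at 8, focus time at 12, last-run FILETIME at 60) are an assumption taken from published forensic research, not from this page.

```python
import codecs
import struct
from datetime import datetime, timedelta, timezone

# Value names exactly as quoted in post #3 (.reg export: "\\" is one backslash).
NAMES_FROM_POST = [
    r"Q:\\Tnzrf\\Cbxre Avtug ng gur Vairagbel\\PryroevglCbxre.rkr",
    r"R:\\KNZCC\\frghc_knzcc.ong",
]

# Constructed 72-byte sample value (not from the thread): 3 runs, 5 focus
# events, 120000 ms of focus time, last run 2013-02-12 00:00:00 UTC.
SAMPLE_VALUE = (struct.pack("<IIII", 0, 3, 5, 120000) + bytes(44)
                + struct.pack("<QI", 130051008000000000, 0))

def decode_name(reg_name: str) -> str:
    """ROT13 only rotates A-Z/a-z, so the drive letter changes as well,
    while ':', '\\', '_', '.' and digits pass through untouched."""
    return codecs.decode(reg_name.replace("\\\\", "\\"), "rot_13")

def filetime_to_utc(filetime: int):
    """FILETIME counts 100 ns ticks since 1601-01-01 UTC; 0 means never run."""
    if filetime == 0:
        return None
    epoch = datetime(1601, 1, 1, tzinfo=timezone.utc)
    return epoch + timedelta(microseconds=filetime // 10)

def parse_count_value(data: bytes) -> dict:
    """Parse one Windows 7 UserAssist value (assumed 72-byte layout)."""
    if len(data) != 72:
        raise ValueError(f"expected 72 bytes, got {len(data)}")
    run_count, focus_count, focus_ms = struct.unpack_from("<III", data, 4)
    (last_run,) = struct.unpack_from("<Q", data, 60)
    return {"run_count": run_count, "focus_count": focus_count,
            "focus_ms": focus_ms, "last_run_utc": filetime_to_utc(last_run)}

if __name__ == "__main__":
    for name in NAMES_FROM_POST:
        print(f"{name}\n  -> {decode_name(name)}")
    print(parse_count_value(SAMPLE_VALUE))
```

Decoded, Q: and R: become D: and E:, so an "unassigned" drive letter in this key is an artifact of the encoding rather than a reference to a real Q: or R: volume.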


12 Feb 2013   #4
Kaktussoft

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

quite normal


Attached Thumbnails
-naamloos.png  
12 Feb 2013   #5
indCraig

Windows 7 Ultimate x64
 
 

Thank you for clarifying.

A network location in my home got hit with a virus and I was checking my system was secure.