Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect


12 Feb 2013   #1

Windows 7 Ultimate x64
 
 
UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect

I was wondering if someone could have a quick look at these two registry elements that I've attached?

Registry keys are located at:

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count

and

HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerUserAssist{F4E57C4B-2036-45F0-A9AB-443BCFE33D9F}Count

I've just noticed the locations the keys are pointing to are using characters that make me think it's left over malware links or something. The fact it's using drive letters I don't have assigned, and in another language I thought I'd ask here. Also, using ccleaner it removes entries from this location only to have more removed at a later run date.

My System SpecsSystem Spec
.

12 Feb 2013   #2

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

My System SpecsSystem Spec
12 Feb 2013   #3

Windows 7 Ultimate x64
 
 

RogueKiller

Code:
RogueKiller V8.5.1 _x64_ [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Craig [Admin rights]
Mode : Scan -- Date : 02/12/2013 23:06:40
| ARK || FAK || MBR |

 Bad processes : 0 

 Registry Entries : 14 
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{F3D3C09B-0AC5-414F-9CFF-AA0A70C69E4E} : NameServer (8.26.56.26,8.20.247.20) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 Particular Files / Folders: 

 Driver : [NOT LOADED] 

 HOSTS File: 
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 realmedia.channel4.com
127.0.0.1 webstat.channel4.com
127.0.0.1 s0.2mdn.net 
127.0.0.1 imagec16.247realmedia.com
127.0.0.1 realmedia.com
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
[...]


 MBR Check: 

+++++ PhysicalDrive0: ST3400832AS ATA Device +++++
--- User ---
[MBR] c803b3d6f7e6aa9b4ff765b3cb38f130
[BSP] 499c8530ef537dff8a017b6548ee39b0 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 381552 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: ST380817AS ATA Device +++++
--- User ---
[MBR] 58216cbb943701146193585082b76fdd
[BSP] 20755ced4876ac454b7b89288476c71c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] 59e978553f6543c9aa35db7e64b6b9aa
[BSP] 57347e001ed53d65cccf43f8c2196c60 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 76317 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: WDC WD20EURS-63S48Y0 ATA Device +++++
--- User ---
[MBR] 472ad2bfdc6262379d10973e382af0dc
[BSP] 278fb93e2f79dec4f3e16885a6a43e09 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive4: StoreJet Transcend USB Device +++++
--- User ---
[MBR] bd8140db097d736ff472ef67582b7d0a
[BSP] 9bd1f3cb1324c735f7d22a0757288225 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02122013_02d2306.txt >>
RKreport[1]_S_02122013_02d2306.txt
Every cleaner reports back I'm clean. Firewall is set up correctly. Using anti-rootkit, tdss-killer, malwarebyte etc etc and all clean. Above is the roguekiller report which at least gives me something.


EDIT: I have read and am aware of what these 2 folders are supposed to do. But I have no idea what:

Q:\\Tnzrf\\Cbxre Avtug ng gur Vairagbel\\PryroevglCbxre.rkr"=hex:1e,00,00,00,

I have mapped network location on Q: but not on R: which makes me wonder about:

"R:\\KNZCC\\frghc_knzcc.ong"=hex:1e,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
My System SpecsSystem Spec
.


12 Feb 2013   #4

Microsoft Community Contributor Award Recipient

Microsoft Windows 7 Home Premium 64-bits 7601 Multiprocessor Free Service Pack 1
 
 

quite normal


Attached Thumbnails
UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect-naamloos.png  
My System SpecsSystem Spec
12 Feb 2013   #5

Windows 7 Ultimate x64
 
 

Thank you for clarifying.

A network location in my home got hit with a virus and I was checking my system was secure
My System SpecsSystem Spec
Reply

 UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect




Thread Tools



Similar help and support threads for2: UserAssist{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}Count Registry Inspect
Thread Forum
Inspect Outlook Archive Software
Registry: can't control Desktop Background Slideshow in registry? Customization
Registry problem after windows update and registry optimization tool Backup and Restore
Driver Sweeper can't delete all registry files in registry editor Drivers
need help with *dmp inspect BSOD Help and Support

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 10:54 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33