Unhide didn't seem to work...


7 replies to this topic

#1 monochromered

monochromered

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:11:05 AM

Posted 18 May 2011 - 10:07 PM

Firstly I'd like to take the time to say hello, since I just created this account and all...
I recently had trouble with the "Windows Vista Recovery" virus/malware.
By following the instructions here: http://www.bleepingcomputer.com/virus-removal/remove-windows-vista-recovery
I was able to get rid of it (I guess...).
Problem is after trying "unhide." The files are still hidden.
Is there any other way to unhide them?


Thanks in Advance.


#2 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:12:05 PM

Posted 18 May 2011 - 10:57 PM

That's a pretty nasty one you had there. You were lucky that was all that was installed. The only thing I can think of is to try the command line syntax. You could probably Bing search the terms "how to unhide Windows files from the command line" and you should get some stuff coming up there. I'd give you the syntax if I knew it offhand. Unfortunately though, I don't.

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:09:05 AM

Posted 18 May 2011 - 11:15 PM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista\Win 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    :dir
    %Temp%\smtmp /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 monochromered

Posted 18 May 2011 - 11:51 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 21:48 on 18/05/2011 by Mayra
Administrator - Elevation successful

========== dir ==========

C:\Users\Mayra\AppData\Local\Temp\smtmp - Parameters: "/s"

---Files---
None found.

C:\Users\Mayra\AppData\Local\Temp\smtmp\1 d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\7-Zip d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Accessories d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Accessories\Accessibility d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Accessories\System Tools d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Accessories\Tablet PC d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Accessories\Windows PowerShell d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\AIM d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Alcohol 120% d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\ArcSoft Connect d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\ArcSoft Magic-i Visual Effects 2 d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\ArcSoft WebCam Companion 2 d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Audio Related Programs d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Combined Community Codec Pack d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Combined Community Codec Pack\Filters d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Comical d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\DScaler5 d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Duke Nukem 3D d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\EA GAMES d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\EA GAMES\American McGee's Alice d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\EA GAMES\American McGee's Alice\Web Resources d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\EPSON d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\EPSON Scan d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Extras and Upgrades d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\ffdshow d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Games d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Google Chrome d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Haali Media Splitter d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\InterVideo WinDVD d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\iTunes d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\JFK Reloaded d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Lavasoft d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Lavasoft\Ad-Aware d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Lavasoft\Ad-Aware\Toolbox d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Maintenance d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Malwarebytes' Anti-Malware d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Microsoft Office\Microsoft Office Tools d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Microsoft Silverlight d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Microsoft Works d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\MotioninJoy d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\NCH Software Suite d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Postal 10th Anniversary d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\QuickBooks d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\QuickTime d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Roxio Easy Media Creator 10 LJ d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\SmartWi Connection Utility d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Sony Picture Utility d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Sony Picture Utility\Handycam Tools d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Sony Picture Utility\Help d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Sony Picture Utility\Support d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Sony Picture Utility\Tools d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Startup d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Steam d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Tablet PC d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\VAIO Care d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\VAIO Recovery Center d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\VAIO Update 4 d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\VAIO Video & Photo Suite d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\WinAce d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\1\Programs\Windows Live d------ [22:51 18/05/2011]

C:\Users\Mayra\AppData\Local\Temp\smtmp\2 d------ [22:51 18/05/2011]
Ad-Aware.lnk --a---- 1073 bytes [19:02 28/03/2011] [19:02 28/03/2011]
AIM.lnk --a---- 1772 bytes [09:21 29/12/2009] [07:53 14/01/2011]
desktop.ini --ahs-- 286 bytes [00:26 31/08/2009] [08:59 29/12/2009]
Google Chrome.lnk --a---- 2009 bytes [00:26 31/08/2009] [09:56 09/05/2009]
Launch Internet Explorer Browser.lnk --a---- 973 bytes [04:22 08/09/2009] [08:59 29/12/2009]
Mozilla Firefox.lnk --a---- 912 bytes [20:46 12/05/2011] [20:46 12/05/2011]
Shows Desktop.lnk --a---- 258 bytes [00:26 31/08/2009] [03:20 21/01/2008]
Vuze.lnk --a---- 1687 bytes [18:56 30/03/2010] [06:57 17/08/2010]
Window Switcher.lnk --a---- 240 bytes [00:26 31/08/2009] [03:20 21/01/2008]
Windows Media Player.lnk --a---- 968 bytes [07:21 08/11/2009] [07:21 08/11/2009]
Yahoo!.lnk --a---- 2097 bytes [04:34 08/09/2009] [04:34 08/09/2009]

C:\Users\Mayra\AppData\Local\Temp\smtmp\4 d------ [22:51 18/05/2011]
Ad-Aware.lnk --a---- 1049 bytes [19:02 28/03/2011] [19:02 28/03/2011]
Adobe Reader 9.lnk --a---- 1917 bytes [08:47 08/04/2011] [08:47 08/04/2011]
AIM.lnk --a---- 1748 bytes [07:53 14/01/2011] [07:53 14/01/2011]
Alcohol 120%.lnk --a---- 909 bytes [04:49 11/10/2010] [04:49 11/10/2010]
desktop.ini --ahs-- 520 bytes [15:25 02/11/2006] [23:07 03/02/2010]
DS3 Tool.lnk --a---- 867 bytes [01:14 14/03/2011] [01:14 14/03/2011]
EPSON Scan.lnk --a---- 765 bytes [04:12 21/05/2010] [04:12 21/05/2010]
iTunes.lnk --a---- 1694 bytes [02:54 13/12/2010] [02:54 13/12/2010]
Malwarebytes' Anti-Malware.lnk --a---- 848 bytes [04:04 23/07/2010] [04:04 23/07/2010]
Microsoft Office - 60 Day Trial.lnk --a---- 1232 bytes [10:19 09/05/2009] [10:19 09/05/2009]
Microsoft Works.lnk --a---- 1700 bytes [10:12 09/05/2009] [10:12 09/05/2009]
Mortal Kombat Widget.lnk --a---- 902 bytes [07:12 04/01/2011] [11:06 09/03/2011]
Mozilla Firefox.lnk --a---- 888 bytes [05:21 11/07/2010] [20:46 12/05/2011]
QuickTime Player.lnk --a---- 1756 bytes [02:51 13/12/2010] [02:51 13/12/2010]
Secure your VAIO rewards.lnk --a---- 1282 bytes [10:08 09/05/2009] [10:08 09/05/2009]
VAIO Help and Registration.lnk --a---- 230 bytes [11:16 09/05/2009] [04:23 01/12/2006]
VLC media player.lnk --a---- 901 bytes [08:09 14/09/2010] [08:09 14/09/2010]
Winamp.lnk --a---- 818 bytes [20:47 26/08/2010] [20:47 26/08/2010]

-= EOF =-

#5 Broni

Posted 18 May 2011 - 11:53 PM

Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\1
and paste it to this folder:
C:\Program Data\Start Menu

NOTE. "Start Menu" folder is a system folder, so in order to see it, in Windows Explorer, go Tools>Folder Options>View tab and UN-check "Hide protected operating system files".
In order to access "Start Menu" folder, you may need to take ownership of that folder: http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/


Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\2
and paste it to this folder:
C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

NOTE. "Quick Launch" is also a system folder. See note above.



Copy all content of this folder:
C:\Users\user_name\AppData\Local\Temp\smtmp\4
and paste it to this folder:
C:\Program Data\Desktop

NOTE. "Desktop" folder is also a system folder. See note above.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
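
The copy steps in the post above, as an added example that is not part of the original thread: a dry-run-first helper that copies each numbered smtmp subfolder into its destination and never overwrites a file that is already there. `restore_smtmp`, `demo` and the temp-directory sample tree are hypothetical names and constructed data; on a real machine the destinations would be the folders named in the post.

```python
import shutil
import tempfile
from pathlib import Path

# Mapping given in the post above ("user_name" is the post's own placeholder):
#   smtmp\1 -> C:\Program Data\Start Menu
#   smtmp\2 -> C:\Users\user_name\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
#   smtmp\4 -> C:\Program Data\Desktop

def restore_smtmp(smtmp_root, destinations, dry_run=True):
    """Hypothetical helper: return (action, source, target) tuples; never overwrites."""
    actions = []
    for sub, dest in destinations.items():
        src_root = Path(smtmp_root) / sub
        if not src_root.is_dir():
            actions.append(("missing", src_root, Path(dest)))
            continue
        for src in sorted(src_root.rglob("*")):
            target = Path(dest) / src.relative_to(src_root)
            if target.exists():
                if src.is_file():
                    actions.append(("skip-exists", src, target))
                continue
            actions.append(("mkdir" if src.is_dir() else "copy", src, target))
            if dry_run:
                continue
            if src.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, target)  # copy2 keeps the original timestamps
    return actions

def demo():
    """Exercise the helper on a constructed tree (sample data, not the poster's files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "smtmp/1/Programs/7-Zip").mkdir(parents=True)
        for sub, name in (("2", "AIM.lnk"), ("4", "Winamp.lnk")):
            (root / "smtmp" / sub).mkdir()
            (root / "smtmp" / sub / name).write_text("constructed")
        (root / "Desktop").mkdir()
        (root / "Desktop/Winamp.lnk").write_text("already here")
        dests = {"1": root / "Start Menu", "2": root / "Quick Launch", "4": root / "Desktop"}
        plan = [a for a, _, _ in restore_smtmp(root / "smtmp", dests)]
        dry_ok = not (root / "Quick Launch").exists()
        done = [a for a, _, _ in restore_smtmp(root / "smtmp", dests, dry_run=False)]
        kept = (root / "Desktop/Winamp.lnk").read_text()
        return plan, dry_ok, done, kept, (root / "Quick Launch/AIM.lnk").exists()
```

Reviewing the dry-run plan first shows which shortcuts would be skipped because a file of the same name already exists at the destination.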


 


#6 monochromered

Posted 19 May 2011 - 01:15 AM

Well, everything with the exception of the start menu seems to be back to normal. Either way I really appreciate this. Thank you.

#7 monochromered

Posted 19 May 2011 - 02:34 AM

After further inspection it seems like something keeps hijacking my searches on Firefox. After typing in a website it will redirect me to "find-quick" website followed by different variations of whatever I was searching for.
Is there a specific way to get rid of this?

#8 Broni

Posted 19 May 2011 - 06:42 PM

It looks like you're still infected.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!
