[RKinner]

In a command prompt do:

set > \junk.txt

notepad junk.txt

then copy and paste the text from notepad into a reply.

[Advertisements]

No Junk.txt file. I had to create one. No results, No Text. Thanks.

Edited by Jayli, 12 October 2012 - 07:37 PM.

[Jayli]

No Junk.txt file. I had to create one. No results, No Text. Thanks.

Edited by Jayli, 12 October 2012 - 07:37 PM.

[RKinner]

If you do just

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

set

does it say anything?

[Jayli]

Ok. I usually just hit the Windows Key, then type CMD in the search bar. CMD comes up, then I right click and Run as Admin. When I put "set" by itself in CMD, I got some info. I had to right click in the CMD box, then Select All, then Paste into Notepad.
Here's what I found. Thanks.

Microsoft Windows [Version 6.1.7600]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>set > \junk.txt

C:\Windows\system32>notepad junk.txt

C:\Windows\system32>set
ALLUSERSPROFILE=C:\ProgramData
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LISETTEMILLER
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Lisette Miller
LOGONSERVER=\\LISETTEMILLER
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Windows\System32\WindowsPo
werShell\v1.0;C:\Program Files\QuickTime\QTSystem;C:\Program Files\CheckPoint\fde
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PSModulePath=C:\Windows\system32\WindowsPowerShell\v1.0\Modules\
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Windows\TEMP
TMP=C:\Windows\TEMP
tvdumpflags=8
USERDOMAIN=LisetteMiller
USERNAME=Lisette Miller
USERPROFILE=C:\Users\Lisette Miller
windir=C:\Windows

C:\Windows\system32>notepad junk.txt

C:\Windows\system32>

[RKinner]

Let's try this: Download, Save and right click on the attached exp.reg

Then reboot.

And see if

set has appdata now.

[Jayli]

Hey Ron. You said right click, then?? Merge?? Thanks.

[RKinner]

Merge

[Jayli]

Merged, Rebooted. Nothing changed. I assumed you wanted me to run Unhide.exe again because you mentioned AppData. Still gives the same error as before. Hmmmm..... Thanks.

[RKinner]

Run Set again. Any change?

[RKinner]

Going to bed now. Wife says I have to get up early. She wants to go to the garage sales.

[Jayli]

No change. I do see this though. rogram Files\CheckPoint\fd
I think CheckPoint is a Zone Labs program. My Zonelabs isn't working. Should I just Uninstall it? Thanks.

[RKinner]

Yes uninstall Zone Alarms.

[Jayli]

Zone Alarms Uninstalled. Used Revo Uninstaller. I know this is getting to be a real challenge. System still running on Selective Startup. What next? Thanks Ron.

Edited by Jayli, 13 October 2012 - 10:48 AM.

[RKinner]

Combofix said you had these items turned off with msconfig.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-10-25 22:13 821144 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-10-25 22:13 36760 ----a-w- c:\program files\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2011-03-30 15:46 499608 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager]
2011-01-12 14:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-21 04:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 03:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 20:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe


I don't see anything that shouldn't be allowed to run so :

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


msconfig

Then click on Normal Startup and OK then reboot.

Run Regedit and go to the HKEY_USERS subkey

which looks like this. S-1-5-21-69476175-3800389733-3272593679-1003 (Yours will have a different number)

Right click on it and Copy Key Name.

Now go back up to HKEY_USERS and right click on it and select New, Key.

Ctrl + v to paste the copied key name in the box. Add

_Classes

to the end of the key name so that it looks like this:

S-1-5-21-69476175-3800389733-3272593679-1003_Classes

then and only then do you hit OK.

Does it let you create the key? Do you see it in regedit?

[Jayli]

Took all steps, Now in Normal Mode.

Went to the Regedit subkey, copied it, then went back up to HKEY_USERS, right clicked, Selected NEW, Key and got this error. Error Creating Key. Cannot create key: Error writing to the registry. Thanks. ***** Went back and did a Run as Administrator and got the same Error message. *******

Edited by Jayli, 13 October 2012 - 02:47 PM.