Help - virus attack has deleted my laptop files!

RussJK

I'd say you've probably got everything, so you can skip combofix if you like.

Can you see Drive D?

The Hijackthis warning is just because it needs to be run as Administrator. I would tick and fix these:
R3 - URLSearchHook: (no name) - {343db173-0e5a-4f2a-b7bb-71a49085d70e} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

I would uninstall the IOBIT Smartram, as IOBIT is a dodgy company and most memory optimisers cause more slowdowns than good. If you have 2gb memory on Vista, then you should be okay without one anyway. If you do need a memory optimiser, then the only one that demonstrably works is Cleanmem that I know about, thanks to Closed.

Personally, I would uninstall Spyware Terminator. I can't imagine it being much use, and Avast should be sufficient for all but the annoying zero-day stuff that initially got past it. You'll have a faster computer without it.

This step is a bit more tricky, if you go to the START MENU, then type REGEDIT and press enter. I just want you to navigate and confirm an entry for me. Don't need to make any changes.
On the left panel, go to:
HKEY LOCAL MACHINE, Software, Microsoft, Windows NT, CurrentVersion, then WinLogon.

Look for the entry on the right panel called Userinit - should be C:\windows\system32\userinit.exe, including the comma, and nothing else after it.

savinghru

I think i may have uninstalled tht IOBIT with the others earlier....is this something to do with Java?
I'll go check!!

The spyware terminator funnily enough has not been saving my scans recently! So I'll get rid of that too.

Do I keep the malware bytes and hijack?

Will be back in a mo with the other info you want....a bit more tricky....you having a laugh.......the whole dam thing has been tricky

savinghru

[QUOTE=RussJK;44971014This step is a bit more tricky, if you go to the START MENU, then type REGEDIT and press enter. I just want you to navigate and confirm an entry for me. Don't need to make any changes.
On the left panel, go to:
HKEY LOCAL MACHINE, Software, Microsoft, Windows NT, CurrentVersion, then WinLogon.

Look for the entry on the right panel called Userinit - should be C:\windows\system32\userinit.exe, including the comma, and nothing else after it.[/QUOTE]

OK I've found it and it says exactly as you have typed with nothing after it...what now?

RussJK

The IOBIT SmartRAM thingy is just supposed to manage the available memory. It's made by an untrustworthy company who has been caught stealing work from others.

Keep Malwarebytes for sure, worthwhile to do routine scans with it. Can get rid of Hijackthis.

Don't need to do anything more with the regedit, the key is correct.

You can do a last check with Hitmanpro if you like, normally very quick:
http://www.surfright.nl/en/hitmanpro

Otherwise, as long as you can see your files, your desktop is normal, and you can see Drive D - you should be good to go.

Might be an idea to use something like Filehippo updatecheck or Secunia PSI to keep your system and programs up to date:
http://www.filehippo.com/updatechecker/ (I just get the portable one, and check it from time to time)
OR http://secunia.com/PSISetup.exe

savinghru

yes I did delete the IOBIT thing earlier. I've just uninstalled the SpyT aswell. Made your corrections to hijack as above.

Re drive D......in computer i have 1 hard disk drive.... C..( I thought this was partitioned and had a drive D as my laptop does,this is what I'm still missing...but perhaps the main comp didnt have a partition and I'm getting confused.)

MY DVD RW is Drive D and is there.

I'm blond so you can now tell me off for wasting your time lol

All files and pictures appear to be back as is desktop picture and icons.

All re-done full scans with avast/malware before deleting Spy T did not show anything up. so I think its safe to say we've solved it.........but one last thing please?

In the folder options under control panel and the hidden files. Can you confirm which boxes are suppost to remain checked/unchecked please?

IF I have the circle ticked "dont show hidden files/folders etc all my documents disappear again, so I assume I keep the other box checked instead?

Put a check against - Hide empty drive/Hide extensions and Hide protected op sys ....is that correct?

RussJK

You can quickly see all your partitions if you go into Start Menu, then type Computer Management and enter. Then click on Disk Management under 'storage', and it'll show everything including any hidden partitions. If the hidden partition is small, then it'll be the recovery partition and is correct.

With the the Folder Options, it's up to you whether or not you want to see hidden files or not. I would tick the 'hide protected system files' part though.

savinghru

Ok i see what you mean...I have the C and system reserved and both are showing as status Healthy...thank goodness!

Yes i have the protected system files checked.

Russ I cannot thank you enough for all your help this weekend. You've been a godsend and I'm so grateful.

THANKYOU so much....Shelly x

PS Your earmarked for the future!!!
I'm away for a wee G&T now.

RussJK

No worries, had some G&T yesterday