kevinf80 Posted January 7, 2014 ID:774665 Share Posted January 7, 2014 Empty folders listed via "Start > Programs" are from previous installed applications, if the folder(s) are indeed empty you should be able to "right click" on that folder and select "delete" Link to post Share on other sites More sharing options...
Friar Tuck Posted January 7, 2014 Author ID:775062 Share Posted January 7, 2014 I don't know what is going on, but I was still signed in (left it on overnight) and couldn't see my reply from last night nor yours. I just tried to send another reply, and when I clicked "More Reply Options" to attach a txt file from an overnight ESET scan, it knocked me off and deleted my reply. Now that I am on a fresh sign in, I can see my reply from last night and yours. I did not allow Windows Media Player Network Sharing Service to start, and I did run ESET Online Scanner overnight, finding two more infections. See attached file. I am concerned about all the empty folders, especially the ones that look like they came in the initial software load, and there would have been no reason to delete the files from the folders. Also, there are folders that I am denied access to as admin, and many others that have link arrows on them that I am denied access to. Also, looking at the first ESET scan, it looks like the first three files in the list were not quarantined. This is the second attachment.eset.txtESET Leftovers.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 7, 2014 ID:775116 Share Posted January 7, 2014 Can you post a screen shot showing the folders you mention.. Also run the following: Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Double click zip file and extract to your Desktop: you will now have 3 versions of the tool on the Desktop: Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/] Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open: Copy and paste the following script from the code box and paste into the field. standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs; Select the "Run Script" tab. The following window will open: Please be patient and do not use the PC when the scan is in progress. When complete you maybe asked to re-boot your PC, if so please do Post the produced log in your next reply….. Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775580 Share Posted January 9, 2014 Here's the scan log. I noticed that according to the scan, my login (admin) is not an administrator...I don't know how that happened, but that may explain the denied access to some folders and files. I have been an administrator since I created the account.zoek-results.txt Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775588 Share Posted January 9, 2014 Here's the info I was referring to in the last reply. UAC says that admin is a computer administrator.zoek admin account change.txt Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2014 ID:775596 Share Posted January 9, 2014 What is the status of your system now, do we see an improvement. Regarding your account, select start > type user accounts in to the search box, tap enter. You should be able to see the user accounts c/w status, Status can also be changed... Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775643 Share Posted January 9, 2014 I hate it when I'm almost finished with my reply, and it just disappears. I am the administrator of this pc, and have been since my daughter brought it to me.There are still folders that I cannot access and a bunch of folders that are empty. I will delete the empty ones, There are a lot of duplicate files that landed in the root of c:/. I am erasing them. I think they all were put there when I used RECUVA incorrectlyI have occasionally made mistakes! Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2014 ID:775645 Share Posted January 9, 2014 Which folders are you unable to delete? can you right click on such folders and select "Properties" in the new window select "Security" tab. From the "Group or User name" section select your account, In the "Permissions" box you should see what permissions are apportioned to your account. If you have admin status all options except for "Special Permissions" should be ticked under "Allow" Is that correct? Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775653 Share Posted January 9, 2014 My replies are disappearing after I post them. The system resources and speed seem ok.I still have to clean up duplicate files and empty folders, and I see some remnants left after removing programs. Also have other programs that won't be used any more to get rid of. Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775669 Share Posted January 9, 2014 Right click>properties>Security>Advanced>Permissions>deny>Everyone Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2014 ID:775675 Share Posted January 9, 2014 The recent logs that have been produced indicate a clean system, no malware/infection. I`m unsure what you mean by "My replies are disappearing after I post them" Regarding duplicate files, Windows does create many duplicate files, it is not good to delete a file just because you find two the same. There are many types of tools that claim to be able to optimize the system and registry, such tools can cause major damage. I would never recommend that anyone uses or puts any form of trust in typical registry cleans etc.... Have a look at the following link: http://windows.microsoft.com/en-us/windows/working-with-files-folders#1TC=windows-7 regarding files and folders, there uses, what actions are needed etc etc..... If you believe there are still issues with either general malware or more intrusive infections let me know..... Kevin.... Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2014 ID:775683 Share Posted January 9, 2014 I missed your last reply, I`m unsure what you mean, Can you post a screen shot... I post a screen shot of properties view of typical folder on my system with "security" selected... Link to post Share on other sites More sharing options...
Friar Tuck Posted January 9, 2014 Author ID:775863 Share Posted January 9, 2014 It's running quite smoothly. I don't like having 98 processes running, the CPU usage is back up to around 100.But regarding malware, I don't see any problems right now. I think, unless you want to do something else, we can close this thread, The original apps that are missing are gone , I will delete the folders, and get over it!One last question: how can I clean up remnants of removed programs from the system? Link to post Share on other sites More sharing options...
kevinf80 Posted January 9, 2014 ID:775865 Share Posted January 9, 2014 If the CPU is back up to 100% then something is not right, In reply #22 the CPU was back to 5% after disabling Windows Media Player Network Service, I suppose if that is still suspended then we have another issue.... Go here: http://sourceforge.net/projects/hjt/ to download HijackThis program Save HijackThis to your desktop. Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run) Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu) copy and paste hijackthis report into the topic... Thanks.... Link to post Share on other sites More sharing options...
Friar Tuck Posted January 15, 2014 Author ID:778017 Share Posted January 15, 2014 I attached and sent this HJT scan last night, but as before, my reply and attachment must have gone to the deadletter bin. Here it is again, lots of unknown owners and missing files.hijackthis.log Link to post Share on other sites More sharing options...
kevinf80 Posted January 15, 2014 ID:778296 Share Posted January 15, 2014 The file missing or unknown entries are ok, nothing to worry about. I only ask for HJT log to look at start up entries, do the following; Re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exeO4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXEO4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exeNow close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot Also add this entry to the list if you do not require Bing Desktop to start at boot: O4 - HKLM\..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey Let me know if there is any improvement in start up time... Link to post Share on other sites More sharing options...
Friar Tuck Posted January 16, 2014 Author ID:778598 Share Posted January 16, 2014 I fixed the lines that you requested and also ran Disk Cleanup on the "C" drive. After rebooting a couple of times to let it settle down, I timed a Shutdown/Restart: 14 seconds to shutdown, 47 seconds to Login screen, and another 45 seconds to Desktop after login. Looks good to me. Kevin, I really do appreciate your help and patience. I'm sorry it took this many days to clean it up, but your help has been superb!Thanks so much,Paul Link to post Share on other sites More sharing options...
kevinf80 Posted January 16, 2014 ID:778635 Share Posted January 16, 2014 Hello Paul Thanks for the update, good to hear your system is responding as expected.. Run the following to remove Zoek: Download "Delfix by Xplode" and save it to your desktop. Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator Make Sure the following items are checked: Remove disinfection tools Now click on "Run" and wait patiently until the tool has completed. The tool will create a log when it has completed. We don't need you to post this. Also delete C:\zoek_backup folder if still present Read the following link to fully understand PC security and best practices, you may find it useful.... http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629 Take care, Kevin Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted January 21, 2014 Root Admin ID:780604 Share Posted January 21, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts