Jump to content

Slow laptop, empty folders, duplicate files. have run Malwarebytes, Avira, Superantispyware, Spybot, and MSE

Friar Tuck

By Friar Tuck
in Resolved Malware Removal Logs

 Share

Recommended Posts

Friar Tuck

Friar Tuck

Posted
  • Author
Posted

I don't know what is going on, but I was still signed in (left it on overnight) and couldn't see my reply from last night nor yours.  I just tried to send another reply, and when I clicked  "More Reply Options"  to attach a txt file from an overnight ESET scan, it knocked me off and deleted my reply. Now that  I am on a fresh sign in, I can see my reply from last night and yours.

 

I did not allow Windows Media Player Network Sharing Service to start, and I did run ESET Online Scanner overnight, finding two more infections. See attached file.

 

I am concerned about all the empty folders, especially the ones that look like they came in the initial software load, and there would have been no reason to delete the files from the folders. Also, there are folders that I am denied access to as admin, and many others that have link arrows on them that I am denied access to. 

 

Also, looking at the first ESET scan, it looks like the first three files in the list were not quarantined.  This is the second attachment.

eset.txt

ESET Leftovers.txt

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Can you post a screen shot showing the folders you mention.. Also run the following:

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop.

 

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

you will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/]

 

Double click on each in turn until one version of Zoek will run (accept UAC) The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

 

 

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;  

 

 

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you maybe asked to re-boot your PC, if so please do

 

Zoekf.jpg

 

Post the produced log in your next reply…..

Link to post
Share on other sites
Friar Tuck

Friar Tuck

Posted
  • Author
Posted

Here's the scan log. I noticed that according to the scan, my login (admin) is not an administrator...I don't know how that happened, but that may explain the denied access to some folders and files.  I have been an administrator since I created the account.

zoek-results.txt

Link to post
Share on other sites
Friar Tuck

Friar Tuck

Posted
  • Author
Posted

I hate it when I'm almost finished with my reply, and it just disappears. 

I am the administrator of this pc, and have been since my daughter brought it  to me.

There are still folders that I cannot access and a bunch of folders that are empty. I will delete the empty ones, 

There are a lot of duplicate files that landed in the root of c:/.  I am erasing them.  I think they all were put there when I used RECUVA incorrectly

I have occasionally made mistakes!

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Which folders are you unable to delete? can you right click on such folders and select "Properties" in the new window select "Security" tab.

 

From the "Group or User name" section select your account, In the "Permissions" box you should see what permissions are apportioned to your account.

 

If you have admin status all options except for "Special Permissions" should be ticked under "Allow"  Is that correct?

Link to post
Share on other sites
Friar Tuck

Friar Tuck

Posted
  • Author
Posted

My replies are disappearing after I post them.   The system resources and speed seem ok.

I still have to clean up duplicate files and empty folders, and I see some remnants left after removing programs. 

Also have other programs that won't be used any more to get rid of.

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

The recent logs that have been produced indicate a clean system, no malware/infection. I`m unsure what you mean by "My replies are disappearing after I post them"

 

Regarding duplicate files, Windows does create many duplicate files, it is not good to delete a file just because you find two the same. There are many types of tools that claim to be able to optimize the system and registry, such tools can cause major damage. I would never recommend that anyone uses or puts any form of trust in typical registry cleans etc....

 

Have a look at the following link: http://windows.microsoft.com/en-us/windows/working-with-files-folders#1TC=windows-7 regarding files and folders, there uses, what actions are needed etc etc.....

 

If you believe there are still issues with either general malware or more intrusive infections let me know.....

 

Kevin....

Link to post
Share on other sites
Friar Tuck

Friar Tuck

Posted
  • Author
Posted

It's running quite smoothly.  I don't like having 98 processes running, the CPU usage is back up to around 100.

But regarding malware, I don't see any problems right now. I think, unless you want to do something else, we can close this thread,

 

The original apps that are missing are gone , I will delete the folders, and get over it!

One last question:  how can I clean up remnants of removed programs from the system?

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

If the CPU is back up to 100% then something is not right, In reply #22 the CPU was back to 5% after disabling Windows Media Player Network Service, I suppose if that is still suspended then we have another issue....

 

  • Go here: http://sourceforge.net/projects/hjt/ to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic

...

 

Thanks....

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

The file missing or unknown entries are ok, nothing to worry about. I only ask for HJT log to look at start up entries, do the following;

 

Re-open HiJackThis and scan only.  Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

Now close all windows other than HiJackThis, then click Fix Checked.  Close HiJackThis.  Reboot

 

Also add this entry to the list if you do not require Bing Desktop to start at boot:

 

O4 - HKLM\..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

 

Let me know if there is any improvement in start up time...

Link to post
Share on other sites
Friar Tuck

Friar Tuck

Posted
  • Author
Posted

I fixed the lines that you requested and also ran Disk Cleanup on the "C" drive.  After rebooting a couple of times to let it settle down, I timed a Shutdown/Restart:  14 seconds to shutdown, 47 seconds to Login screen, and another 45 seconds to Desktop after login. Looks good to me.

 

Kevin, I really do appreciate your help and patience.  I'm sorry it took this many days to clean it up, but your help has been superb!

Thanks so much,

Paul

Link to post
Share on other sites
kevinf80

kevinf80

Posted
Posted

Hello Paul

 

Thanks for the update, good to hear your system is responding as expected.. Run the following to remove Zoek:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


  •    
  • Remove disinfection tools

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this. Also delete C:\zoek_backup folder if still present

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Take care,

 

Kevin ;)

Link to post
Share on other sites
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.